Abstract. The coverability and boundedness problems for Petri nets are known to be Expspace-complete.
Given a Petri net, we associate a graph with it. With the vertex cover number $k$ of this
graph and the maximum arc weight $W$ as parameters, we show that coverability and boundedness are
in ParaPspace. This means that these problems can be solved in space $O(ef(k, W)\,poly(n))$, where
$ef(k, W)$ is some exponential function and $poly(n)$ is some polynomial in the size of the input. We
then extend the ParaPspace result to model checking a logic that can express some generalizations of
coverability and boundedness.

1 Introduction 



Petri nets, introduced by C. A. Petri [TH], are popularly used for modelling concurrent infinite state systems.
Using Petri nets to verify various properties of concurrent systems is an ongoing area of research, ranging
from abstract theoretical results like [5] to the construction of tools for C programs like [Tl]. Reachability,
coverability and boundedness are some of the most fundamental questions about Petri nets. All three of
them are Expspace-hard [17]. Coverability and boundedness are in Expspace [21]. Reachability is known
to be decidable [TSJ [TS] but no upper bound is known.

In this paper, we study the parameterized complexity of coverability and boundedness problems. The
parameters we consider are vertex cover number $k$ of the underlying graph of the given Petri net and the
maximum arc weight $W$. We show that both problems can be solved in space exponential in the parameters
and polynomial in the size of the input. Such algorithms are called ParaPspace algorithms. Fundamental
complexity theory of such parameterized complexity classes has been studied [10], but parameterized Ptime
(popularly known as Fixed Parameter Tractable, Fpt) is the most widely studied class. Usage of other
parameterized classes such as ParaPspace is rare in the literature.

As mentioned before, one of the uses of Petri nets is modelling software. It is desirable to have better
complexity bounds for certain classes of Petri nets that may have some simple underlying structure due
to human designed systems that the nets model. For example, it is known that well structured programs
have small treewidth [21]. Unfortunately, the Petri net used by Lipton in the reduction in [17] (showing
Expspace-hardness) has a constant treewidth. Hence, we cannot hope to get better bounds for coverability
and boundedness with treewidth as parameter. The same is the case with many other parameters like pathwidth,
cycle rank, dagwidth etc. Hence, we are forced to look for stronger parameters. In [20], we studied the effect
of a newly introduced parameter called benefit depth. In this paper, we study the effect of using vertex cover
as parameter, using different techniques. The class of Petri nets with bounded benefit depth is incomparable
with the class of Petri nets with bounded vertex cover.

Feedback vertex set of a graph is a set of vertices whose removal leaves the graph without any cycles. 
The smallest feedback vertex set of the Petri net used in the lower bound proof of [17] is large (as opposed 
to treewidth, pathwidth, cycle rank etc., which are small). In the context of modelling software, smallest 
feedback vertex set can be thought of as control points covering all loop structures. In fact, the Petri net in 
the lower bound proof of [17] models a program that uses a large number of loops to manipulate counters
that can hold doubly exponential values. Removal of a feedback vertex set leaves a Petri net without any 
cycles. It would be interesting to explore the complexity of coverability and boundedness problems with the 
size of the smallest feedback vertex set as parameter. We have not been able to extend our results to the case 
of feedback vertex set yet, but hope that these results will serve as a theoretically interesting intermediate 
step. 

In a tutorial article [7], Esparza argues that for most interesting questions about Petri nets, the rule of
thumb is that they are all Expspace-hard. Despite this, the introduction of the same article contains an
excellent set of reasons for studying finer complexity classification of such problems. We will not reproduce
them here but note some relevant points: many experimental tools have been built that solve Expspace-complete
problems that can currently handle small instances. Also, a knowledge of complexity of problems
helps in answering other questions. In such a scenario, having an "extended dialog" with the problem is
beneficial, and parameterized complexity is very good at doing this [5].

Related work. In [23], Rosier and Yen study the complexity of coverability and boundedness problems with
respect to different parameters of the input instance, such as number of places, transitions, arc weight etc.
In particular, they show that the space required for boundedness is exponential in the number of unbounded
places and polynomial in the number of bounded places. If for a Petri net, the smallest vertex cover is the set
of all places, our results coincide with those found in [23]. Hence, our results refine those of Rosier and Yen.
In [13], Habermehl shows that the problem of model checking linear time $\mu$-calculus formulas on Petri nets
is Pspace-complete in the size of the formula and Expspace-complete in the size of the net. However, the
$\mu$-calculus considered in [13] cannot express coverability and boundedness. In [35], Yen extends the induction
strategy used by Rackoff in [21] to give Expspace upper bound for deciding many other properties. Another
work closely related to Yen's above work is [JJ.

One-counter automata are closely related to Petri nets. Precise complexity of reachability and many other
problems of this model have been recently obtained in [12] [TJJ. We have adapted some of the techniques used
in [12] [TTJ, in particular the use of [16, Lemma 42].

The effect of treewidth and other parameters on the complexity of some pebbling problems on digraphs
has been considered in [6, Section 5]. These problems relate to the reachability problem in a class of Petri
nets (called Elementary Net Systems) with semantics that are different from the ones used in this paper (see
[22] for details of different Petri Net semantics).

2 Preliminaries 

Let $\mathbb{Z}$ be the set of integers and $\mathbb{N}$ the set of natural numbers. A Petri net is a 4-tuple
$\mathcal{N} = (P, T, Pre, Post)$, where $P$ is a set of places, $T$ is a set of transitions and $Pre$ and $Post$
are the incidence functions: $Pre : P \times T \to [0 \ldots W]$ (arcs going from places to transitions) and
$Post : P \times T \to [0 \ldots W]$ (arcs going from transitions to places), where $W \ge 1$. In diagrams,
places will be represented by circles and transitions by thick bars. Arcs are represented by weighted directed
edges between places and transitions.

A function $M : P \to \mathbb{N}$ is called a marking. A marking can be thought of as a configuration of the Petri
net, with every place $p$ having $M(p)$ tokens. Given a Petri net $\mathcal{N}$ with a marking $M$ and a transition $t$ such
that for every place $p$, $M(p) \ge Pre(p,t)$, the transition $t$ is said to be enabled at $M$ and can be fired. After
firing, the new marking $M'$ (denoted as $M \xrightarrow{t} M'$) is given by $M'(p) = M(p) - Pre(p,t) + Post(p,t)$ for every
place $p$. A place $p$ is an input (output) place of a transition $t$ if $Pre(p,t) \ge 1$ ($Post(p,t) \ge 1$) respectively.
We can think of firing a transition $t$ resulting in $Pre(p,t)$ tokens being deducted from every input place
$p$ and $Post(p',t)$ tokens being added to every output place $p'$. A sequence of transitions $\sigma = t_1 t_2 \cdots t_r$
(called firing sequence) is said to be enabled at a marking $M$ if there are markings $M_1, \ldots, M_r$ such that
$M \xrightarrow{t_1} M_1 \xrightarrow{t_2} \cdots \xrightarrow{t_r} M_r$. $M, M_1, \ldots, M_r$ are called intermediate markings.
The fact that firing $\sigma$ at $M$ results in $M_r$ is denoted by $M \stackrel{\sigma}{\Longrightarrow} M_r$.

We assume that a Petri net is presented as two matrices for $Pre$ and $Post$. In the rest of this paper, we
will assume that a Petri net $\mathcal{N}$ has $m$ places, $n$ transitions and that $W$ is the maximum of the range of $Pre$
and $Post$. We define the size of the Petri net to be $|\mathcal{N}| = 2mn\log W + m\log|M_0|$ bits, where $|M_0|$ is the
maximum of the range of the initial marking $M_0$.

Definition 2.1 (Coverability and Boundedness). Given a Petri net with an initial marking $M_0$ and
a target marking $M_{cov}$, the Coverability problem is to determine if there is a firing sequence $\sigma$ such that
$M_0 \stackrel{\sigma}{\Longrightarrow} M'$ and for every place $p$, $M'(p) \ge M_{cov}(p)$ (this is denoted as $M' \ge M_{cov}$). The boundedness
problem is to determine if there is a number $c \in \mathbb{N}$ such that for every firing sequence $\sigma$ enabled at $M_0$ with
$M_0 \stackrel{\sigma}{\Longrightarrow} M$, $M(p) < c$ for every place $p$.

In the Petri net shown in Fig. 1, the initial marking $M_0$ is given by $M_0(p_1) = 1$ and $M_0(p_2) = M_0(p_3) = 0$.
If $M_{cov}$ is defined as $M_{cov}(p_1) = M_{cov}(p_2) = 1$ and $M_{cov}(p_3) = 0$, then $M_{cov}$ is not coverable since $p_1$ and
$p_2$ cannot have tokens simultaneously. Since for any $c \in \mathbb{N}$, the Petri net in Fig. 1 can reach a marking
where $p_3$ has more than $c$ tokens (by firing the sequence $t_1 t_2$ repeatedly), this Petri net is not bounded.
Lipton proved both coverability and boundedness problems to be Expspace-hard [17] [7]. Rackoff provided
Expspace upper bounds for both problems [21]. In the definition of the coverability problem, if we replace
$M' \ge M_{cov}$ by $M' = M_{cov}$, we get the reachability problem. Lipton's Expspace lower bound applies to the
reachability problem too, and this is the best known lower bound. Though the reachability problem is known
to be decidable [13 [15], no upper bound is known. Many of the problems that are decidable for bounded
Petri nets are undecidable for unbounded Petri nets. Model checking some logics extending the one defined
in Section 6 falls into this category. Esparza and Nielsen survey such results in [8]. Reachability, coverability
and boundedness are a few problems that remain decidable for unbounded Petri nets.

Fig. 1. An example of a Petri net

3 Vertex Cover for Petri Nets 

In this section, we introduce the notion of vertex cover for Petri nets and intuitively explain how small vertex 
covers help in getting better algorithms. We will also state and prove the key technical lemma used in the 
next two sections. 

For a normal graph $G = (V, E)$ with set of vertices $V$ and set of edges $E$, a vertex cover $VC \subseteq V$ is a
subset of vertices such that every edge has at least one of its vertices in $VC$. Given a Petri net $\mathcal{N}$, we associate
with it an undirected graph $G(\mathcal{N})$ whose set of vertices is the set of places $P$. Two vertices are connected by
an edge if there is a transition connecting the places corresponding to the two vertices. To be more precise,
if two vertices represent two places $p_1$ and $p_2$, then there is an edge between the vertices in $G(\mathcal{N})$ iff in $\mathcal{N}$,
there is some transition $t$ such that $Pre(p_1,t) + Post(p_1,t) \ge 1$ and $Pre(p_2,t) + Post(p_2,t) \ge 1$. If a place
$p$ is both an input and an output place of some transition, the vertex corresponding to $p$ has a self loop in
$G(\mathcal{N})$. Any vertex cover of $G(\mathcal{N})$ should include all vertices that have self loops.

Suppose $VC$ is a vertex cover for some graph $G$. If $v_1, v_2 \notin VC$ are two vertices not in $VC$ that have the
same set of neighbours (neighbours of a vertex $v$ are vertices that have an edge connecting them to $v$), $v_1$
and $v_2$ have similar properties. This fact is used to obtain Fpt algorithms for many hard problems, e.g., see
[9]. The same phenomenon leads to ParaPspace algorithms for Petri net coverability and boundedness. In
the rest of this section, we will define the formalisms needed to prove these results.

Let the places of a Petri net $\mathcal{N}$ be $p_1, p_2, \ldots, p_m$. Suppose there is a vertex cover $VC$ consisting of
places $p_1, \ldots, p_k$. We say that two transitions $t_1$ and $t_2$ are of the same type if $Pre(p_i,t_1) = Pre(p_i,t_2)$
and $Post(p_i,t_1) = Post(p_i,t_2)$ for all $i$ between 1 and $k$. In Fig. 2, transitions $t_1$ and $t_5$ are of the same
type. Intuitively, two transitions of the same type behave similarly as far as places in the vertex cover are
concerned. Since there can be $2k$ arcs between a transition and places in $VC$ and each arc can have weight
between $0$ and $W$, there can be at most $(W+1)^{2k}$ different types of transitions.

Let $p$ be a place not in the vertex cover $VC$. Suppose there are $l \le (W+1)^{2k}$ types of transitions. Place
$p$ can have one incoming arc from or one outgoing arc to each transition of the net (it cannot have both
an incoming and an outgoing arc since in that case, $p$ would have a self loop and would be in $VC$). If $p'$ is
another place not in $VC$, then no transition can have arcs to both $p$ and $p'$, since otherwise, there would
have been an edge between $p$ and $p'$ in $G(\mathcal{N})$ and one of the places $p$ and $p'$ would have been in $VC$. Hence,
places not in $VC$ cannot interact with each other directly. Places not in $VC$ can only interact with places
in $VC$ through transitions and there are at most $l$ types of transitions. Suppose $p$ and $p'$ have the following
property: for every transition $t$ that has an arc to/from $p$ with weight $w$, there is another transition $t'$ of
the same type as $t$ that has an arc to/from $p'$ with weight $w$. Then, $p$ and $p'$ interact with $VC$ in the same
way in the following sense: whenever a transition involving $p$ fires, an "equivalent" transition can be fired
that involves $p'$ instead of $p$, provided there are enough tokens in $p'$. In Fig. 2, places $p_5$ and $p_6$ satisfy the
property stated above. Transition $t_5$ can be fired instead of $t_1$, $t_6$ can be fired instead of $t_2$ etc.

Definition 3.1. Suppose $\mathcal{N}$ is a Petri net with vertex cover $VC$ and $l$ types of transitions. Let $p \notin VC$
be a place not in the vertex cover. The variety $var[p]$ of $p$ is defined as the function¹
$var[p] : \{1, \ldots, l\} \to 2^{\{-W,\ldots,W\}\setminus\{0\}}$, where for every $j$ between 1 and $l$ and every $w \ne 0$
between $-W$ and $W$, there is a transition $t_j$ of type $j$ such that $w = -Pre(p,t_j) + Post(p,t_j)$ iff $w \in var[p](j)$.
We denote varieties of places by $v$, $v'$ etc.

1 The author acknowledges an anonymous IPEC referee for pointing out an error here in the submitted version. 




Fig. 2. A Petri net with vertex cover $\{p_1, \ldots, p_4\}$



In the above definition, since $p \notin VC$, at most one among $Pre(p,t_j)$ and $Post(p,t_j)$ will be non-zero.

The fact that transitions can be exchanged between two places of the same variety can be used to obtain
better bounds on the length of firing sequences. For example, suppose a firing sequence $\sigma$ is fired in the
Petri net of Fig. 2 with an initial marking that has no tokens in $p_5$ and $p_6$. Let $c$ be the maximum number
of tokens in any place in any intermediate marking during the firing of $\sigma$. Since there are 6 places and
each intermediate marking has at most $c$ tokens in every place, the number of possible distinct intermediate
markings is $(c+1)^6$. This is also an upper bound on the length of $\sigma$ (if two intermediate markings are
equal, then the subsequence between those two markings can be removed without affecting the final marking
reached). Now, suppose that in the final marking reached, $p_5$ and $p_6$ do not have any tokens and we replace all
occurrences of $t_5, t_6, t_7$ and $t_8$ in $\sigma$ by $t_1, t_2, t_3$ and $t_4$ respectively. After this replacement, the final marking
reached will be same as the one reached after firing $\sigma$. Number of tokens in $p_5$ will be at most $2c$ in any
intermediate marking and there will be no tokens at all in $p_6$. Variation in the number of tokens in $p_1, p_2, p_3$
and $p_4$ do not change (since as far as these places are concerned, transitions $t_5, t_6, t_7$ and $t_8$ behave in the
same way as do $t_1, t_2, t_3$ and $t_4$ respectively). Hence, in any intermediate marking, each of the places $p_1, p_2, p_3$
and $p_4$ will still have at most $c$ tokens. When we exchange the transitions as mentioned above, there might
be some intermediate markings that are same, so that we can get a shorter firing sequence achieving the
same effect as the original one. These duplicate markings signify the "redundancy" that was present in the
original firing sequence $\sigma$, but was not apparent to us due to the distribution of tokens among places. After
removing such redundancies, the new upper bound on the length of the firing sequence is $(2c+1)(c+1)^4$,
which is asymptotically smaller than the previous bound $(c+1)^6$. A careful observation of the effect of this
phenomenon on Rackoff's induction strategy in [21] leads us to the main results of this paper.

Definition 3.2. Let $p_1$ and $p_2$ be two places of the same variety. Let $\sigma$ be a firing sequence. A sequence of
transitions $\sigma' = t_1 \cdots t_r$ is said to be a sub-word of $\sigma$ if there are positions $i_1 < \cdots < i_r$ in $\sigma$ such that for
each $j$ between 1 and $r$, the $i_j$th transition of $\sigma$ is $t_j$. Suppose $\sigma'$ is a sub-word of $\sigma$ made up of transitions that
have an arc to/from $p_1$. Transferring $\sigma'$ from $p_1$ to $p_2$ means replacing every transition $t$ of $\sigma'$ (which
has an arc to/from $p_1$ with some weight $w$) with another transition $t'$ of the same type as $t$ which has an arc
to/from $p_2$ with weight $w$. The sub-word $\sigma'$ is said to be safe for transfer from $p_1$ if for every prefix $\sigma''$ of
$\sigma'$, the effect of $\sigma''$ on $p_1$ (i.e., the change in the number of tokens in $p_1$ as a result of firing all transitions
in $\sigma''$) is greater than or equal to 0.

Intuitively, if some sub-word $\sigma'$ is safe for transfer from $p_1$, it never removes more tokens from $p_1$ than it
has already added to $p_1$. So if we transfer $\sigma'$ from $p_1$ to $p_2$, the new transitions will always add tokens
to $p_2$ before removing them from $p_2$, so there is no chance of number of tokens in $p_2$ becoming negative
due to the transfer. However, the number of tokens in $p_1$ may become negative due to some old transitions
remaining back in the "untransferred" portion of the original firing sequence $\sigma$. The following lemma says
that if some intermediate marking has very high number of tokens in some place, then a suitable sub-word
can be safely transferred without affecting the final marking reached or introducing negative number of tokens
in any place, but reducing the maximum number of tokens accumulated in any intermediate marking. The
proof is a simple consequence of [16, Lemma 42], which is about one-counter automata. A one-counter
automaton is an automaton with a counter that can store natural numbers. Apart from changing its state,
the automaton can increment the counter, test it for zero and decrement it when not zero. It is proven in
[16, Lemma 42] that if a one-counter automaton can reach from one of its configurations to another, it can do
so without increasing the intermediate values of the counter by large numbers. A full proof of the following
lemma is included in the Appendix for easy reference.

Lemma 3.3 (Truncation lemma, [16]). Let $p_1$ and $p_2$ be places of the same variety. Let $e \in \mathbb{N}$ be any
number and $\sigma$ be a firing sequence. Suppose during the firing of $\sigma$, there are intermediate markings $M_1$ and
$M_3$ such that $M_1(p_1) = e$ and $M_3(p_1) < e$. Suppose $M_2$ is an intermediate marking between $M_1$ and $M_3$ such
that $M_2(p_1) > e + W^2 + W^3$ is the maximum number of tokens in $p_1$ at any intermediate marking between
$M_1$ and $M_3$. Then, there is a sub-word $\sigma'$ of $\sigma$ that is safe for transfer from $p_1$ to $p_2$ such that

1. The total effect of $\sigma'$ on $p_1$ is 0.

2. After transferring $\sigma'$ to $p_2$, the number of tokens in $p_1$ at $M_2$ is strictly less than the number of tokens
in $p_1$ at $M_1$ before the transfer.

3. No intermediate marking will have negative number of tokens in $p_1$ after the transfer.

There can be at most $(2^{2W})^l \le 2^{2W(W+1)^{2k}}$ varieties of places that are not in the vertex cover $VC$, if the
number of places in the vertex cover is $k$. For each variety $v$, we designate one of the places having $v$ as its
variety as special, and use $p_v$ to denote it. We will call $S = VC \cup \{p_v \mid v \text{ is the variety of a place not in } VC\}$
the set of special places. We will denote the set $P \setminus S$ using $I$ and call the places in $I$ independent places.
We will use $k'$ for the cardinality of $S$ and note that $k' \le k + 2^{2W(W+1)^{2k}}$. If $k$ and $W$ are parameters, then
$k'$ is a function of the parameters only. Hence, in the rest of the paper, we will treat $k'$ as the parameter.
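
The constructions of this section (the graph G(N), transition types, varieties, special places and the transfer of Definition 3.2), as an added example that is not part of the original paper. The five-place net below is constructed for illustration (it is not the net of Fig. 2), and all function names are assumptions of this sketch.

```python
from itertools import combinations

# Constructed sample net (not the paper's Fig. 2). Rows are places
# p1, p2, p5, p6, p7 (indices 0..4); columns are transitions t1..t6.
PRE = [[1, 0, 1, 0, 1, 0],
       [0, 0, 0, 0, 0, 1],
       [0, 1, 0, 0, 0, 0],
       [0, 0, 0, 1, 0, 0],
       [0, 0, 0, 0, 0, 0]]
POST = [[0, 0, 0, 0, 0, 1],
        [0, 1, 0, 1, 0, 0],
        [1, 0, 0, 0, 0, 0],
        [0, 0, 1, 0, 0, 0],
        [0, 0, 0, 0, 2, 0]]
VC = frozenset({0, 1})  # assumed vertex cover {p1, p2}


def underlying_graph(pre, post):
    """Edges of G(N): two places are adjacent iff one transition touches both.
    A place that is both input and output of a transition gets a self loop."""
    edges = set()
    for t in range(len(pre[0])):
        touched = [p for p in range(len(pre)) if pre[p][t] + post[p][t] >= 1]
        edges.update(frozenset(pair) for pair in combinations(touched, 2))
        edges.update(frozenset({p}) for p in touched
                     if pre[p][t] >= 1 and post[p][t] >= 1)
    return edges


def is_vertex_cover(edges, vc):
    """Every edge (self loops included) must have an endpoint in vc."""
    return all(edge & vc for edge in edges)


def transition_types(pre, post, vc):
    """Type id per transition: same id iff Pre and Post agree on every VC place."""
    ids = {}
    return [ids.setdefault(tuple((pre[p][t], post[p][t]) for p in sorted(vc)),
                           len(ids))
            for t in range(len(pre[0]))]


def variety(pre, post, types, p):
    """var[p] for a place p outside VC: type j -> set of non-zero effects
    w = -Pre(p,t) + Post(p,t) over transitions t of type j."""
    var = {}
    for t, j in enumerate(types):
        w = post[p][t] - pre[p][t]
        if w != 0:
            var.setdefault(j, set()).add(w)
    return frozenset((j, frozenset(ws)) for j, ws in var.items())


def special_places(pre, post, vc):
    """S = VC plus one designated place per variety; I = P minus S."""
    types = transition_types(pre, post, vc)
    chosen = {}
    for p in range(len(pre)):
        if p not in vc:
            chosen.setdefault(variety(pre, post, types, p), p)
    special = set(vc) | set(chosen.values())
    return special, set(range(len(pre))) - special


def run(pre, post, marking, sigma):
    """Fire sigma from marking; return all markings visited, or None if
    some transition is not enabled when its turn comes."""
    trace = [list(marking)]
    for t in sigma:
        m = trace[-1]
        if any(m[p] < pre[p][t] for p in range(len(m))):
            return None
        trace.append([m[p] - pre[p][t] + post[p][t] for p in range(len(m))])
    return trace


def transfer(pre, post, types, sigma, positions, src, dst):
    """Definition 3.2: replace the transitions of sigma at `positions` (each
    has an arc to/from src) by same-type transitions with the same effect on
    dst. src and dst must have the same variety, so a match always exists."""
    out = list(sigma)
    for i in positions:
        t = out[i]
        w = post[src][t] - pre[src][t]
        out[i] = next(u for u in range(len(types)) if types[u] == types[t]
                      and post[dst][u] - pre[dst][u] == w)
    return out


if __name__ == "__main__":
    types = transition_types(PRE, POST, VC)
    sigma = [0, 0, 1, 1]                                     # t1 t1 t2 t2
    moved = transfer(PRE, POST, types, sigma, [1, 2], 2, 3)  # p5 -> p6
    for word in (sigma, moved):
        trace = run(PRE, POST, [2, 0, 0, 0, 0], word)
        print(word, "final", trace[-1], "peak in p5", max(m[2] for m in trace))
```

Transferring the safe sub-word at positions 1 and 2 from p5 to p6 leaves the final marking unchanged while lowering the largest token count held in p5, which is the effect the truncation lemma exploits.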

4 ParaPspace algorithm for the Coverability problem 

In this section, we will show that for a Petri net $\mathcal{N}$ with a vertex cover of size $k$ and maximum arc weight
$W$, the coverability problem can be solved in space $O(ef(k,W)\,poly(|\mathcal{N}| + \log|M_{cov}|))$. Here, $ef$ is some
computable function exponential in $k$ and $W$ while $poly(|\mathcal{N}| + \log|M_{cov}|)$ is some polynomial in the size of
the net and the marking to be covered. We will need the following definition, which is Definition 3.1 from
[21] adapted to our notation.

Definition 4.1. Let $Q \subseteq P$ be some subset of places such that $I \subseteq Q$. For a transition $t$ and functions
$M, M' : P \to \mathbb{Z}$, we write $M \xrightarrow[Q]{t} M'$ if $M'(p) = M(p) - Pre(p,t) + Post(p,t)$ for all $p \in P$ and
$M(q), M'(q) \ge 0$ for all $q \in Q$. Let $M_{cov}$ be some marking to be covered. For a function $M_0 : P \to \mathbb{Z}$,
a firing sequence $\sigma = t_1 t_2 \cdots t_r$ is said to be $Q$-covering from $M_0$ if there are intermediate functions
$M_1, M_2, \ldots, M_r$ such that $M_0 \xrightarrow[Q]{t_1} M_1 \xrightarrow[Q]{t_2} \cdots \xrightarrow[Q]{t_r} M_r$ and $M_r(q) \ge M_{cov}(q)$ for all $q \in Q$.
The firing sequence $\sigma$ is further said to be $Q,e$-covering if for all $i$ between $0$ and $r-1$, the functions $M_i$
above satisfy $M_i(q) < e$ for all $q \in Q$. For a function $M : P \to \mathbb{Z}$, let $lencov(Q, M, M_{cov})$ be the length of the
shortest firing sequence that is $Q$-covering from $M$. Define $lencov(Q, M, M_{cov})$ to be $0$ if there is no such sequence.
Define $\ell(i) = \max\{lencov(Q, M, M_{cov}) \mid I \subseteq Q \subseteq P,\ |Q \setminus I| = i,\ M : P \to \mathbb{Z}\}$.

Intuitively, a $Q$-covering sequence does not care about places that are not in $Q$, even if some intermediate
markings have "negative number of tokens". The number $\ell(i)$ is an upper bound on the length of covering
sequences that only care about independent places and $i$ special places. Obviously, we are only interested in
$\ell(k')$, but other values help in obtaining it. With slight abuse of terminology, we will call functions $M : P \to \mathbb{Z}$
also as markings. It will be clear from context what is meant.

Let $R$ be the maximum of the range of $M_{cov}$, the marking to be covered. We will denote $R + W + W^2 + W^3$
by $R'$. Recall that $m$ is the number of places in the given Petri net. The following lemmas give an upper
bound on $\ell(k')$.

Lemma 4.2. $\ell(0) \le mR$.

Proof. $\ell(0)$ is the length of the shortest $I$-covering sequence. Recall that all places in $I$ are independent of
each other, so if a transition has an arc to one of the places in $I$, it does not have arcs to any other place in
$I$. Since an $I$-covering sequence does not care about places in $S$, it only has to worry about adding tokens
to places in $I$. If a transition adds a token to some place $p$ in $I$, it does not remove tokens from any other
place in $I$. Hence, this transition can be repeated $R$ times to add at least $R$ tokens to the place $p$, which is
all that is needed for $p$. Arguing similarly for other places in $I$, a total of $mR$ transitions are enough to add
all required tokens to all places in $I$, since there are less than $m$ places in $I$. □

Lemma 4.3. $\ell(i+1) \le R'^m (W\ell(i) + R)^{i+1} + \ell(i)$.

Proof. Suppose $I \subseteq Q \subseteq P$ and $|Q \setminus I| = i + 1$. Suppose there is a sequence $\sigma$ that is $Q$-covering from
some $M_0$. Let $p$ be any place in $I$ of some variety $v$. Let $M$ be the first intermediate marking such that
$M(p) \ge M_{cov}(p)$. We have $M(p) < R + W$. We distinguish two cases:

1. For all intermediate markings $M'$ after $M$, $M'(p) \ge M(p)$. This means the number of tokens in $p$
never goes below $M(p)$ after the marking $M$. Let $\sigma'$ be the sub-word of $\sigma$ that consists of all transition
occurrences after $M$ that have an arc to/from $p$. The sub-word $\sigma'$ is safe for transfer from $p$ to $p_v$. We
transfer $\sigma'$ from $p$ to $p_v$ and note that in the final marking reached after the transfer, $p$ still has $M(p)$
tokens, which is enough to cover $M_{cov}$.

2. Let $M'$ be the last intermediate marking such that $M'(p) < M(p)$. We invoke the truncation lemma by
setting $e = M(p) < R + W$, $M_1 = M$ and $M_3 = M'$. We can then transfer the sub-word $\sigma'$ identified by
the truncation lemma to $p_v$ to reduce the number of tokens in $p$ in some intermediate markings between $M$
and $M'$. We repeat this process until there are no more than $R'$ tokens in $p$ in any intermediate marking
between $M$ and $M'$. Let $M''$ be the first intermediate marking after $M'$ such that $M''(p) \ge M_{cov}(p)$.
Again, $M''(p) < R + W$. If no intermediate marking $M_3$ after $M''$ has $M_3(p) < M''(p)$, we can transfer
all transitions with an arc to/from $p$ occurring after $M''$ to $p_v$. Otherwise, we can invoke truncation
lemma again to ensure that $p$ has at most $R'$ tokens in any intermediate marking after $M''$.

Repeating the above case analysis for every independent place $p \in I$, we get a firing sequence $\pi$ that is
$Q$-covering from $M_0$ such that in all intermediate markings, every independent place $p$ has at most $R'$ tokens.
If this sequence happens to be $Q,(W\ell(i) + R)$-bounded, then $R'^m (W\ell(i) + R)^{i+1}$ is an upper bound on
its length (since all independent places have at most $R'$ tokens and the $i + 1$ places in $Q \setminus I$ have at most
$(W\ell(i) + R)$ tokens in all intermediate markings) and we are done.

Otherwise, suppose there is some place $q \in Q \setminus I$ and some intermediate marking $M$ such that
$M(q) \ge W\ell(i) + R$. Let $M$ be the first such marking and call the prefix of $\pi$ up to $M$ as $\pi_1$ and the rest of it as $\pi_2$.
The length of $\pi_1$ is at most $R'^m (W\ell(i) + R)^{i+1}$. The sequence $\pi_2$ is a $(Q \setminus \{q\})$-covering sequence from $M$.
By definition, there is such a sequence $\pi'_2$ of length at most $\ell(i)$. The sequence $\pi_1\pi'_2$ is a $(Q \setminus \{q\})$-covering
sequence from $M_0$. Since $M(q) \ge W\ell(i) + R$ and $\pi'_2$ removes at most $W\ell(i)$ tokens from $q$, $\pi_1\pi'_2$ is in fact a
$Q$-covering sequence from $M_0$. Its length is bounded by $R'^m (W\ell(i) + R)^{i+1} + \ell(i)$. □

The following lemma gives an upper bound on $\ell(i)$ using the recurrence relation obtained above.

Lemma 4.4. $\ell(i) \le (2mWRR')^{m(i+1)!}$.

Proof. By induction on $i$. For $i = 0$, $\ell(0) \le mR \le (2mWRR')^{m1!}$.

$i = 1$:

$$\begin{aligned}
\ell(1) &\le R'^m (W\ell(0) + R) + \ell(0) \\
&\le R'^m (WmR + R) + mR \\
&\le (WRR')^m mR + mR \\
&\le (mWRR')^{2m} + mR \\
&\le 2(mWRR')^{2m} \\
&\le (2mWRR')^{m2!}
\end{aligned}$$

$i > 2$:

$$\begin{aligned}
\ell(i+1) &\le R'^m (W\ell(i) + R)^{i+1} + \ell(i) \\
&\le R'^m \left(W(2mWRR')^{m(i+1)!} + R\right)^{i+1} + (2mWRR')^{m(i+1)!} \\
&\le (WRR')^{m(i+1)} (2mWRR')^{m(i+1)!(i+1)} + (2mWRR')^{m(i+1)!} \\
&\le (2mWRR')^{m(i+1)} (2mWRR')^{m(i+1)!(i+1)} + (2mWRR')^{m(i+1)!} \\
&\le (2mWRR')^{m(i+1)((i+1)!+1)} + (2mWRR')^{m(i+1)!} \\
&\le 2(2mWRR')^{m(i+1)((i+1)!+1)} \\
&\le (2mWRR')^{m(i+1)((i+1)!+2)} \\
&\le (2mWRR')^{m(i+2)!}
\end{aligned}$$

The last step follows since

$$\begin{aligned}
i > 2 &\Rightarrow i! > 2 \\
&\Rightarrow (i+1)\,i! > 2(i+1) \\
&\Rightarrow (i+1)! > 2(i+1) \\
&\Rightarrow (i+1)(i+1)! + (i+1)! > (i+1)(i+1)! + 2(i+1) \\
&\Rightarrow (i+2)(i+1)! > (i+1)((i+1)! + 2) \\
&\Rightarrow (i+2)! > (i+1)((i+1)! + 2)
\end{aligned}$$

□

Theorem 4.5. With the vertex cover number $k$ and maximum arc weight $W$ as parameters, the Petri net
coverability problem can be solved in ParaPspace.

Proof. From Lemma 4.4, we get $\ell(k') \le (2mWRR')^{m(k'+1)!}$. To guess and verify a covering sequence
of length at most $\ell(k')$, a non-deterministic Turing machine needs to maintain a counter and intermediate
markings, which can be done using memory size $O(m(k'+1)!(m\log|M_0| + \log m + \log W + \log R + \log R'))$.
An application of Savitch's theorem then gives us the ParaPspace algorithm. □



5 The boundedness problem 

In this section, we will show that with vertex cover number and maximum arc weight as parameters, the
Petri net boundedness problem can be solved in ParaPspace. If there is a firing sequence $\sigma$ such that
$M_0 \stackrel{\sigma}{\Longrightarrow} M_1$ and an intermediate marking $M$ such that $M < M_1$ (i.e., $M \le M_1$ and $M \ne M_1$), then $\sigma$ is
called a self-covering sequence. It is well known that a Petri net is unbounded iff the initial marking enables a
self-covering sequence. Similar to the recurrence relation for the length of covering sequences, Rackoff gave a
recurrence relation for the length of self-covering sequences also in [21]. We will again use truncation lemma
to prove that this recurrence relation grows slowly for Petri nets with small vertex cover. The following
lemma formalizes the way truncation lemma is used in boundedness.

Definition 5.1. Let $Q \subseteq P$ be a subset of places with $I \subseteq Q$. Let $M_0 : P \to \mathbb{Z}$ be some function. A
firing sequence $\sigma = t_1 t_2 \cdots t_r$ is said to be a $Q$-enabled self-covering sequence if there are intermediate
functions $M_1, M_2, \ldots, M_{r'}, \ldots, M_r$ with $r' < r$ such that
$M_0 \xrightarrow[Q]{t_1} M_1 \xrightarrow[Q]{t_2} \cdots \xrightarrow[Q]{t_{r'}} M_{r'} \xrightarrow[Q]{t_{r'+1}} \cdots \xrightarrow[Q]{t_r} M_r$ and
$M_{r'} < M_r$. We call the subsequence between $M_{r'}$ and $M_r$ as the pumping portion of the self-covering
sequence.

Lemma 5.2. Suppose $Q \subseteq P$ is a subset of places with $I \subseteq Q$. Let $U$ be the maximum of the range of
the initial marking. If there is a $Q$-enabled self-covering sequence, then there is a $Q$-enabled self-covering
sequence in which none of the places in $I$ will have more than $U + W + W^2 + W^3$ tokens in any intermediate
marking.

Proof. Let $\sigma = t_1 t_2 \cdots t_r$ be the $Q$-enabled self-covering sequence with
$M_0 \xrightarrow[Q]{t_1} M_1 \xrightarrow[Q]{t_2} \cdots \xrightarrow[Q]{t_{r'}} M_{r'} \xrightarrow[Q]{t_{r'+1}} \cdots \xrightarrow[Q]{t_r} M_r$
and $M_{r'} < M_r$. First ensure that for every place $p$ with $M_r(p) > M_{r'}(p)$, $M_r(p) \ge M_{r'}(p) + 2W$.
If this is not the case, we can repeat the pumping portion of $\sigma$ $2W$ times to ensure it. After this modification,
let $\sigma_1\sigma_2$ be the $Q$-enabled self-covering sequence with $\sigma_2$ being the pumping portion. Consider the $Q$-enabled
self covering sequence $\sigma_1\sigma_2\sigma_2$. For convenience, we will denote this sequence by $\pi_1\pi_2$, where $\pi_1 = \sigma_1\sigma_2$ and
$\pi_2 = \sigma_2$, with $\pi_2$ being the pumping portion.

Consider a place $p$ of some variety $v$ in $I$. Let $M$ be the last intermediate marking during the firing of
$\pi_1$ from $M_0$ such that $M(p)$ is the minimum number of tokens in $p$ among all intermediate markings.

Case 1: $M(p) \ge M_0(p)$. In this case, the number of tokens in $p$ does not come below $M_0(p)$ at all. Let
$\pi'$ be the sub-word of $\pi_1\pi_2$ consisting of all transitions having an arc to/from $p$. Transfer $\pi'$ to $p_v$. If the
number of tokens in $p$ was being increased by $\pi_2$ before the transfer, the transfer will result in the number
of tokens in $p$ remaining unchanged during the pumping portion. To remedy this, identify the last transition
that adds tokens to $p_v$ and transfer it back to $p$. Since $\pi_2$ was adding at least $2W$ tokens to $p_v$ (which we
ensured in the beginning of this proof), the above mentioned transfer of one transition back to $p$ will not
affect firability of any transition and will also ensure that the number of tokens in both $p$ and $p_v$ increase
during pumping portion $\pi_2$.

Case 2: $M(p) < M_0(p)$. Invoking truncation lemma with $e = M_0(p) + W$, we identify sub-words between
$M_0$ and $M$ and transfer them to $p_v$ so that in any intermediate marking, $p$ has at most $U + W + W^2 + W^3$
tokens. Let $\pi'$ be the sub-word of $\pi_1\pi_2$ consisting of all transitions having an arc to/from $p$, occurring between
$M$ and the final marking reached. This sub-word $\pi'$ is safe for transfer from $p$ to $p_v$ (since $M(p)$ is the
minimum number of tokens in $p$ reached during the firing of $\pi_1$ and $\pi_2$ will not decrease the number of
tokens in $p$ below $M(p)$ in any intermediate marking after $M$) and we transfer it to $p_v$. Again, if $\pi_2$ was
increasing the number of tokens in $p$ before the above transfer, identify the last transition adding tokens to
$p_v$ and transfer it back to $p$. As in the first case, this will ensure that the number of tokens in both $p$ and $p_v$
increase during pumping portion $\pi_2$.

For every independent place p G /, we identify and transfer sub-words to p v based on one of the above 
two cases. Finally, we end up with a Q-enabled self-covering sequence in which none of the independent 
places will have more than U + W + W 2 + W 3 tokens in any intermediate marking. □ 

Before we can use Lemma 5.2, we need the following technical lemmas. The first one is an adaptation of
Lemma 4.5 in Rackoff's paper [21] to our setting.

Lemma 5.3. Let $Q \subseteq P$ with $I \subseteq Q$ and $U' \in \mathbb{N}$ be such that there is a $Q$-enabled self-covering sequence
from some $M_0$ in which all intermediate markings have at most $U'$ tokens in any independent place. Also
suppose that all intermediate markings have at most $e$ tokens in any place in $Q \setminus I$. Then, there is a $Q$-enabled
self-covering sequence of length at most $8k'(2e)^{c'k'^3}(U'W)^{c'm^4}$ for some constant $c'$.

Proof. Suppose the given self-covering sequence is of the form $M_0 \xrightarrow{\sigma_1}_Q M_1 \xrightarrow{\sigma_2}_Q M_2$ with $\sigma_2$ being the
pumping portion. The length of $\sigma_1$ is at most $U'^m e^{k'}$. For reducing the length of $\sigma_2$, we will closely follow
the proof of Lemma 4.5 in Rackoff's paper [21]. Let a $Q$-loop be any sequence of transitions whose total
effect is $0$ on any place in $Q$.

As in Rackoff's proof of Lemma 4.5 in [21], remove $Q$-loops from $\sigma_2$ carefully until what remains behind
is a sequence $\sigma'_2$ of length at most $(U'^m e^{k'} + 1)^2$. Let $b \in \mathbb{N}^{k'}$ be a vector containing a $1$ in each coordinate
corresponding to a special place in $S$ whose number of tokens is increased by $\sigma_2$ and $0$ in all other coordinates.
If $\pi$ is a $Q$-loop, its loop value is the vector in $\mathbb{Z}^{k'}$, which contains in each coordinate the total effect of $\pi$
on the corresponding special place in $S$. Let $L \subseteq \mathbb{Z}^{k'}$ be the set of loop values that were removed from $\sigma_2$.
Let $B$ be the matrix with $k'$ rows, whose columns are the members of $L$. For any sequence $\pi$, let $\mathrm{ef}(\pi)$ be
the vector in $\mathbb{Z}^{k'}$, which contains in each coordinate the total effect of $\pi$ on the corresponding special place
in $S$. Since $\sigma_2$ is a pumping portion, $\mathrm{ef}(\sigma_2) \ge b$. Now, the effect of $\sigma_2$ can be split into the effect of $\sigma'_2$ and
the effect of $Q$-loops that were removed from $\sigma_2$. If $x(i)$ is the number of $Q$-loops removed from $\sigma_2$ whose
loop value is equal to the $i$-th column of $B$, then we have $Bx \ge b - \mathrm{ef}(\sigma'_2)$.

A loop value is just the effect of at most e k U' m transitions, and hence each entry of B is of absolute 
value at most e k U' m W. The matrix B has therefore at most (2e k U' m W + l) k columns. Each entry of 
b - ef(<7 2 ) is of absolute value at most W(e k 'U' m + l) 2 + 1. Letting d x = k' and d = max{(2e fe 't/'"W + 
l) k ' , e k 'U' m W, W(e k 'U' m + l) 2 + 1} < (2e) 3k ' (WW) 3 ™ 2 , we can apply Lemma 4.4 of 21 . The result is that 
there is a vector y E N' L ' such that the sum of entries of y is equal to l\ < d((2e) 3k {U'W) 3m ) ck for some 
constant c. Let c' be a constant such that h < k'(2e) c k (U'W) C m . 

Now, we will put l\ Q-loops back to <r 2 , which was of length at most (e k U' m + l) 2 . Since the length 
of each Q-loop is at most e k U' m , the total length of the newly constructed pumping portion is at most 
(e k 'U' m + l) 2 + k'{2e) c ' k ' 3 {U'W) c ' m \ Together with a u whose length is at most e k 'U' m , we get a Q-enabled 
self-covering sequence of length at most 2(e k ' U' m + l) 2 + k' {2e) c ' k '\u'W) c ' mi < %k' {2e) c ' k '\u'W) c ' mi . □ 

Definition 5.4. Let $U' \in \mathbb{N}$ be some fixed number (we will later use it to denote $U + W + W^2 + W^3$, as in
Lemma 5.2). For $j \in \mathbb{N}$, $Q \subseteq P$ with $I \subseteq Q$ and a function $M : P \to \mathbb{Z}$, let $\mathrm{slencov}(Q, j, M)$ be the length of
the shortest $Q$-enabled self-covering sequence from $M$ if there is a $Q$-enabled self-covering sequence from $M$ in
which all intermediate markings have at most $U' + jW$ tokens in any independent place. Let $\mathrm{slencov}(Q, j, M)$
be $0$ if there is no such sequence. Define $\ell_1(i, j) = \max\{\mathrm{slencov}(Q, j, M) \mid I \subseteq Q \subseteq P,\ |Q \setminus I| = i,\ M : P \to \mathbb{Z}\}$.

The following lemma is an immediate consequence of Lemma 4.5 in [21].

Lemma 5.5. There is a constant $d$ such that $\ell_1(0, j) \le (U' + jW)^{m^d}$.

Lemma 5.6. $\ell_1(i+1, j) \le 8k'(2W\ell_1(i, j+1))^{c'k'^3}((U' + jW)W)^{c'm^4}$ for some appropriately chosen constants
$c$ and $c'$.

Proof. Suppose $Q \subseteq P$ such that $I \subseteq Q$ and $|Q \setminus I| = i + 1$. Also suppose that there is a $Q$-enabled
self-covering sequence from some marking $M$ such that all intermediate markings have at most $U' + jW$ tokens
in any independent place. If all intermediate markings have at most $W\ell_1(i, j+1)$ tokens in any place in
$Q \setminus I$, the required result is a consequence of Lemma 5.3, substituting $W\ell_1(i, j+1)$ for $e$ and $U' + jW$ for
$U'$.

Otherwise, let $\sigma = \sigma_1\sigma_2$ be the self-covering sequence, with $\sigma_2$ being the pumping portion. Ensure that
for any independent place $p$, $\sigma_2$ adds at most $W$ tokens (otherwise, we can transfer from $p$ to $p_v$ the last
transition that adds tokens to $p$, where $v$ is the variety of $p$). Let $M_1$ be the first intermediate marking with
more than $W\ell_1(i, j+1)$ tokens in some special place $q \in Q \setminus I$. Let the subsequence up to $M_1$ be called $\pi_1$
and rest of the sequence be called $\pi_2$ (the pumping portion $\sigma_2$ is a suffix of $\sigma = \pi_1\pi_2$). The length of $\pi_1$
is at most $(W\ell_1(i, j+1))^{k'}(U' + jW)^m$. Starting from $M_1$, $\pi_2\sigma_2$ is a $Q$-enabled self-covering sequence. At
the end of $\pi_2$, every independent place has at most $U' + jW$ tokens. During the firing of $\sigma_2$ after $\pi_2$, every
independent place has at most $U' + (j+1)W$ tokens in any intermediate marking (since $\sigma_2$ adds at most $W$
tokens to every independent place; see Fig. 3).




Fig. 3. Illustration for proof of Lemma 5.6



Hence, $\pi_2\sigma_2$ is a $Q \setminus \{q\}$-enabled self-covering sequence from $M_1$ such that in all intermediate markings,
every independent place has at most $U' + (j+1)W$ tokens. By definition, there is a $Q \setminus \{q\}$-enabled
self-covering sequence $\pi'_2$ from $M_1$ of length at most $\ell_1(i, j+1)$. Since $M_1(q) > W\ell_1(i, j+1)$ and $M \xrightarrow{\pi_1} M_1$,
$\pi_1\pi'_2$ is a $Q$-enabled self-covering sequence from $M$ of length at most $(W\ell_1(i, j+1))^{k'}(U' + jW)^m + \ell_1(i, j+1)$. □

Now using Lemma 5.2, we can conclude that if there is a self-covering sequence, there is one of length at
most $\ell_1(k', 1)$, setting $U' = U + W^2 + W^3$ in the definition of $\ell_1$. The following lemma gives an upper bound
on this quantity. We use $h$ to denote $c'k'^3$.

Lemma 5.7. $\ell_1(i, j) \le (8k')^{(1+h)^i}(2W)^{poly_1(h^i)}(U' + (j+i)W)^{poly_2(h^i)}$ where $poly_1(h^i)$ and $poly_2(h^i)$ are
polynomials in $h^i$, $c'$, $k'$ and $m$.

Proof. By induction on $i$. $\ell_1(0, j) \le (U' + jW)^{m^d} \le 8k'(U' + jW)^{m^d}$.

\[
\begin{aligned}
\ell_1(i+1, j) &\le 8k'\,(2W\ell_1(i, j+1))^{h}\,((U' + jW)W)^{c'm^4} \\
&\le 8k'\left[2W\,(8k')^{(1+h)^i}(2W)^{poly_1(h^i)}(U' + (j+1+i)W)^{poly_2(h^i)}\right]^{h}((U' + jW)W)^{c'm^4} \\
&\le (8k')^{1+h(1+h)^i}\,(2W)^{(1+poly_1(h^i))h + c'm^4}\,(U' + (j+i+1)W)^{poly_2(h^i)h + c'm^4}
\end{aligned}
\]

It is now enough to choose $poly_1$ and $poly_2$ such that $poly_1(h^{i+1}) \ge (1 + poly_1(h^i))h + c'm^4$, $poly_2(h^0) \ge m^d$
and $poly_2(h^{i+1}) \ge poly_2(h^i)h + c'm^4$. These conditions are met by $poly_1(h^i) = (h + c'm^4)(h^i - 1)$ and
$poly_2(h^i) = h^i m^d + c'm^4(h^i - 1)$, assuming $h \ge 2$. □

Theorem 5.8. With the vertex cover number $k$ and maximum arc weight $W$ as parameters, the Petri net
boundedness problem can be solved in ParaPspace.

Proof. A non-deterministic Turing machine can test for unboundedness by guessing and verifying the
presence of a self-covering sequence of length at most $\ell_1(k', 1)$. By Lemma 5.7, the memory needed by such
a Turing machine is bounded by $O(m\log|M_0| + m + \log W + (1 + c'k'^3)^{k'}\log k' + poly_1(c'^{k'}k'^{3k'})\log W +
poly_2(c'^{k'}k'^{3k'})\log(U'k'W))$, or $O(m\log|M_0| + m + poly(c'^{3k'}k'^{3k'})\log(U'k'W))$ for some polynomial $poly$.
An application of Savitch's theorem now gives us the ParaPspace algorithm for boundedness. □



6 A logic based on Coverability and Boundedness 

Following is a logic (borrowed from [20]) of properties such that its model checking can be reduced to
coverability ($\kappa$) and boundedness ($\beta$) problems, but is designed to avoid expressing reachability. This is a
fragment of Computation Tree Logic (CTL).

\[
\begin{aligned}
\tau &::= p,\ p \in P \mid \tau_1 + \tau_2 \mid c\tau,\ c \in \mathbb{N} \\
\kappa &::= \tau \ge c,\ c \in \mathbb{N} \mid \kappa_1 \wedge \kappa_2 \mid \kappa_1 \vee \kappa_2 \mid \mathbf{EF}\kappa \\
\beta &::= \{\tau_1, \ldots, \tau_r\} < \omega \mid \neg\beta \mid \beta_1 \vee \beta_2 \\
\phi &::= \beta \mid \kappa \mid \phi_1 \wedge \phi_2 \mid \phi_1 \vee \phi_2
\end{aligned}
\]

The satisfaction of a formula $\phi$ by a Petri net $\mathcal{N}$ with initial marking $M_0$ (denoted as $\mathcal{N}, M_0 \models \phi$)
is defined below. The boolean operators work as usual. Note that every term (of type $\tau$) gives a function
$L_\tau : P \to \mathbb{N}$ such that $\tau$ is syntactically equivalent to $\sum_{p \in P} L_\tau(p)\,p$.

— $\mathcal{N}, M_0 \models \tau \ge c$ if $\sum_{p \in P} L_\tau(p)M_0(p) \ge c$.

— $\mathcal{N}, M_0 \models \mathbf{EF}\kappa$ if there is a marking $M$ reachable from $M_0$ such that $\mathcal{N}, M \models \kappa$.

— $\mathcal{N}, M_0 \models \{\tau_1, \ldots, \tau_r\} < \omega$ if $\exists c \in \mathbb{N}$ such that for all markings $M$ reachable from $M_0$, there is a
$j \in \{1, \ldots, r\}$ such that $\sum_{p \in P} L_{\tau_j}(p)M(p) \le c$.

In the Petri net of Fig. 1, if we set $M_{cov}$ as $M_{cov}(p_1) = M_{cov}(p_2) = 1$ and $M_{cov}(p_3) = 0$, the coverability
of $M_{cov}$ can be expressed as $\mathbf{EF}(p_1 \ge 1 \wedge p_2 \ge 1)$. Boundedness of the Petri net in Fig. 1 can be expressed
as $\{p_1 + p_2 + p_3\} < \omega$. If the $\kappa$ formulas of the above logic had allowed formulas of type $\tau \le c$, then we could
have expressed reachability of $M_{cov}$ as $\mathbf{EF}(p_1 \ge 1 \wedge p_1 \le 1 \wedge p_2 \ge 1 \wedge p_2 \le 1 \wedge p_3 \le 0)$. Since much less is
known about the complexity of reachability, the above logic is designed to avoid expressing reachability.
Theorem 6.1. Given a Petri net with an initial marking and a formula $\phi$, if the vertex cover number $k$ and
the maximum arc weight $W$ of the net are treated as parameters and the nesting depth $D$ of $\mathbf{EF}$ modality in
the formula is treated as a constant, then there is a ParaPspace algorithm that checks if the net satisfies
the given formula.

The details of model checking $\kappa$ formulas are given in Sub-section 6.1. While reading [3], we realized that
there is a mistake in the reduction from model checking $\beta$ formulas to checking the presence of self-covering
sequences that we gave in [20]. However, it can be corrected using the notion of disjointness sequences
introduced by Demri in [3]. Sub-section 6.2 gives the details of a ParaPspace algorithm for model checking
$\beta$ formulas using ideas borrowed from [3].

6.1 Model checking k formulas 

We now consider verifying the formulas $\kappa$. We first reduce the formulas to the form of $\gamma \wedge \mathbf{EF}(\kappa_1) \wedge \cdots \wedge
\mathbf{EF}(\kappa_r)$, with $\gamma$ having only conjunctions of $\tau \ge c$ formulas by nondeterministically choosing disjuncts from
subformulas of $\kappa$. We call $\gamma$ the content of $\kappa$ and $\kappa_1, \ldots, \kappa_r$ the children of $\kappa$. Each of the children may
have their own content and children, thus generating a tree with nodes $\Gamma$, with $\kappa$ at the root of this tree.
We will represent the nodes of this tree by sequences of natural numbers, $0$ being the root.

The maximum length of sequences in $\Gamma$ is one more than the nesting depth of the $\mathbf{EF}$ modality in $\kappa$
and we denote it by $D$. Let $[D] = \{0, 1, \ldots, D - 1\}$. If $\alpha \in \Gamma$ is a tree node that represents the formula
$\kappa(\alpha) = \gamma \wedge \mathbf{EF}(\kappa_1) \wedge \cdots \wedge \mathbf{EF}(\kappa_r)$, $content(\alpha) = \gamma$ denotes the content of the node $\alpha$. Let $ratio(\tau \ge c) =
\max\{\lceil c / L_\tau(p) \rceil \mid L_\tau(p) \ne 0,\ p \in P\}$. Defining $\max(\emptyset) = 0$, we define the maximum ratio at height $i$ in the tree
by $ratio(i) = \max\{ratio(\tau \ge c) \mid \tau \ge c$ appears as a conjunct in $content(\alpha)$ for some $\alpha \in \Gamma,\ |\alpha| = i + 1\}$.

Definition 6.2. Recalling Def. 4.1, let $\ell'(M_{cov}) = \max\{\mathrm{lencov}(P, M, M_{cov}) \mid M : P \to \mathbb{Z}\}$. Given a formula
$\kappa$ and a Petri net $\mathcal{N}$ with initial marking $M_0$, the bound function $f : [D] \times P \to \mathbb{N}$ is defined as follows. We
use $f(j)$ for the marking defined by $f(j)(p) = f(j, p)$.

• $f(D - 1, p) = ratio(D - 1)$,

• $f(D - i, p) = \max\{ratio(D - i),\ W\ell'(f(D - i + 1)) + f(D - i + 1, p)\}$, $1 < i < D$,

• $f(0, p) = M_0(p)$.

A guess function $g : \Gamma \times P \to \mathbb{N}$ is any function that satisfies $g(\alpha, p) \le f(|\alpha| - 1, p)$ for all $\alpha \in \Gamma$ and $p \in P$.
If $g$ is a guess function, $g(\alpha)$ is the marking defined by $g(\alpha)(p) = g(\alpha, p)$.

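If a given Petri net satisfies the formula $\kappa = \gamma \wedge \mathbf{EF}(\kappa_1) \wedge \cdots \wedge \mathbf{EF}(\kappa_r)$, then there exist firing sequences
$\sigma_{01}, \ldots, \sigma_{0r}$ that are all enabled at the initial marking $M_0$ such that $M_0 \xrightarrow{\sigma_{0i}} M_{0i}$ and $M_{0i}$ satisfies $\kappa_i$. In
general, if $\kappa$ generates a tree with set of nodes $\Gamma$, then there is a set of sequences $\{\sigma_\alpha \mid \alpha \in \Gamma \setminus \{0\}\}$ and
set of markings $\{M_\alpha \mid \alpha \in \Gamma\}$ such that $M_\alpha \xrightarrow{\sigma_{\alpha j}} M_{\alpha j}$ for all $\alpha, \alpha j \in \Gamma$ and $M_\alpha$ satisfies $content(\alpha)$ for all
$\alpha \in \Gamma$.

Lemma 6.3. There exist sequences $\{\mu_\alpha \mid \alpha \in \Gamma \setminus \{0\}\}$ and markings $\{M_\alpha \mid \alpha \in \Gamma\}$ such that $M_\alpha \xrightarrow{\mu_{\alpha j}} M_{\alpha j}$
for all $\alpha, \alpha j \in \Gamma$ with $M_\alpha$ satisfying $content(\alpha)$ and $|\mu_\alpha| \le \ell'(f(|\alpha| - 1))$ iff there exist sequences $\{\sigma_\alpha \mid \alpha \in
\Gamma \setminus \{0\}\}$ and markings $\{M'_\alpha \mid \alpha \in \Gamma\}$ ($M'_0$ should be equal to $M_0$) such that $M'_\alpha \xrightarrow{\sigma_{\alpha j}} M'_{\alpha j}$ for all $\alpha, \alpha j \in \Gamma$
with $M'_\alpha$ satisfying $content(\alpha)$.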

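Proof. ($\Rightarrow$) Since $M_\alpha$ satisfies $content(\alpha)$, we can take $M'_\alpha = M_\alpha$ and $\sigma_\alpha = \mu_\alpha$.
($\Leftarrow$) Consider the following guess function:

\[
g(\alpha, p) =
\begin{cases}
M_0(p) & \text{if } \alpha = 0 \\
M'_\alpha(p) & \text{if } \alpha \ne 0 \text{ and } M'_\alpha(p) \le f(|\alpha| - 1, p) \\
f(|\alpha| - 1, p) & \text{otherwise}
\end{cases}
\]

By definition, $g(\alpha) \le M'_\alpha$ and $g(\alpha) \le f(|\alpha| - 1)$. Since $\sigma_{\alpha j}$ is a firing sequence that covers $M'_{\alpha j}$ from $M'_\alpha$,
there exist sequences $\mu_{\alpha j}$ that cover $g(\alpha j)$ starting from $M'_\alpha$ whose length is at most $\ell'(g(\alpha j))$ (and hence
at most $\ell'(f(|\alpha j| - 1))$). We claim that there exist markings $\{M_\alpha \mid \alpha \in \Gamma\}$ such that $M_\alpha \xrightarrow{\mu_{\alpha j}} M_{\alpha j}$ for all
$\alpha, \alpha j \in \Gamma$ and that $M_\alpha$ satisfies $content(\alpha)$ for all $\alpha \in \Gamma$.

First, we claim that every $\mu_{\alpha j}$ can be fired from $M_\alpha$ and that every place $p$ will satisfy at least one of
the following two conditions:

1. $M_{\alpha j}(p) \ge M'_{\alpha j}(p)$

2. $M_{\alpha j}(p) \ge f(|\alpha j| - 1, p)$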

We will prove this claim by induction on $|\alpha|$.

Base case: $|\alpha| = 1$. $\mu_{0j}$ is a firing sequence of length at most $\ell'(g(0j))$ that covers $g(0j)$ starting from
$M_0$. The claim is clear by the definition of $g(0j)$.

Induction step: We want to prove that $\mu_{\alpha j}$ can be fired at $M_\alpha$ and that $M_{\alpha j}$ satisfies the stated claims.
We will prove these for an arbitrary place $p$. By induction hypothesis, either $M_\alpha(p) \ge M'_\alpha(p)$ or $M_\alpha(p) \ge
f(|\alpha| - 1, p)$.

First, suppose that $M_\alpha(p) \ge M'_\alpha(p)$. Since $\mu_{\alpha j}$ covers $g(\alpha j)$ starting from $M'_\alpha$, $M_{\alpha j}(p) \ge g(\alpha j)(p)$ and
there are no intermediate markings between $M_\alpha$ and $M_{\alpha j}$ where $p$ receives negative number of tokens. Also,
since $M_{\alpha j}(p) \ge g(\alpha j)(p)$, either $M_{\alpha j}(p) \ge M'_{\alpha j}(p)$ or $M_{\alpha j}(p) \ge f(|\alpha j| - 1, p)$.

Second, suppose that $M_\alpha(p) \ge f(|\alpha| - 1, p)$. $|\mu_{\alpha j}| \le \ell'(g(\alpha j))$ and $g(\alpha j) \le f(|\alpha j| - 1)$ by definition.
Hence $\ell'(g(\alpha j)) \le \ell'(f(|\alpha j| - 1))$ and $|\mu_{\alpha j}| \le \ell'(f(|\alpha j| - 1))$. By definition of $f(|\alpha| - 1, p)$, we get $M_\alpha(p) \ge
W\ell'(f(|\alpha j| - 1)) + f(|\alpha j| - 1, p)$. $\mu_{\alpha j}$ will remove at most $W\ell'(f(|\alpha j| - 1))$ tokens from $p$ and hence, at least
$f(|\alpha j| - 1, p)$ tokens will be left in place $p$ at marking $M_{\alpha j}$. Therefore, $M_{\alpha j}(p) \ge f(|\alpha j| - 1, p)$.

This completes the induction and hence the claim.

Now, we will prove that each $M_\alpha$ satisfies $content(\alpha)$. For each conjunct $\tau \ge c$ in $content(\alpha)$, we will
prove that $\sum_{p \in P} L_\tau(p)M_\alpha(p) \ge c$, where $L_\tau$ is the positive linear combination represented by $\tau$. If $c = 0$,
then the required result can be obtained by just observing that both $L_\tau(p)$ and $M_\alpha(p)$ are positive for all
$p \in P$. So suppose that $c \ne 0$. Let $Q_\tau = \{p \in P \mid L_\tau(p) \ne 0\}$. We distinguish two cases:

1. For some $p \in Q_\tau$, $M_\alpha(p) \ge f(|\alpha| - 1, p)$. In this case, $M_\alpha(p) \ge f(|\alpha| - 1, p) \ge \frac{c}{L_\tau(p)}$. Hence, $L_\tau(p)M_\alpha(p) \ge
c$.

2. For all $p \in Q_\tau$, $M_\alpha(p) < f(|\alpha| - 1, p)$. In this case, for all $p \in Q_\tau$, $M_\alpha(p) \ge M'_\alpha(p)$. Since $M'_\alpha$ satisfies
$content(\alpha)$, we have $\sum_{p \in Q_\tau} L_\tau(p)M'_\alpha(p) \ge c$. Therefore, $\sum_{p \in Q_\tau} L_\tau(p)M_\alpha(p) \ge c$.

□

To derive an upper bound for $f(i)$ to use in a nondeterministic algorithm, let $R = \max\{ratio(\tau \ge c) \mid \tau \ge
c$ is a subformula of $\kappa\}$, $R' = R + W + W^2 + W^3$ and $W' = \max\{W, 2\}$. Recall that $D - 1$ is the nesting
depth of $\mathbf{EF}$ and note that boundedness and coverability can be expressed with $D \le 2$.

Lemma 6.4. For $i \ge 2$, $f(D - i, p) \le (i + 1)R'W\ell'(f(D - i + 1))$.

Proof. By induction on $i$.
Base case: $i = 2$

\[
\begin{aligned}
f(D - 2, p) &\le \max\{R,\ W\ell'(f(D - 1)) + f(D - 1, p)\} \\
&\le R + W\ell'(f(D - 1)) + f(D - 1, p) \\
&\le 2R + W\ell'(f(D - 1)) \\
&\le 2R'W\ell'(f(D - 1))
\end{aligned}
\]

Induction step:

\[
\begin{aligned}
f(D - i - 1, p) &\le \max\{R,\ W\ell'(f(D - i)) + f(D - i, p)\} \\
&\le R + W\ell'(f(D - i)) + (i + 1)R'W\ell'(f(D - i + 1)) \\
&\le R'W\ell'(f(D - i)) + (i + 1)R'W\ell'(f(D - i)) \\
&= (i + 2)R'W\ell'(f(D - i))
\end{aligned}
\]

Lemma 6.5. Let = (2m(fc' + l)!) 1 . TTien £'(f{D - 1)) < (2mM/'i?') 9(1) and also £'{f(D - i)) < 
Uf=Li ((D J + l)2mWi*R<) q(l+ > +1 - D) . 

Proof. £'(f(D - 1)) < {2mW R')^ is by Lemma Next result is by induction on i. 

Base case: i = 2. Since f(D - 2,p) < 3R'W£'(f(D - 1)) and £'{f{D - 2)) < (2mW)«' 1 ) where 
r' = max{/(D - 2,p) \ p G P} + W + W 2 + W 3 , we get 

£'(f(D - 2)) < (2mW(3R'W£'(f(D - 1)) + W + W 2 + W 3 )) q(1) 

< (3 * 2mW' s R') q{1) {2mW'R') q{2) 
Induction step: Since f(D - i - l,p) < (i + 2)R'W'l'{f{D - i)), we have 



£'(f(D -i-l))< (2mW((i + 2)R'W'£'(f(D - i)) + W + W 2 + W 3 )) q{1) 



x 9(1) 

D-l 1 



< 



(i + 2)2mW' 8 R' fl ((D-j + l)2mW m R') q(l+3+1 

j=D-i 



-D) 



= ((i + 2)2mW' 8 R') q(1) J] (( D - 3 + l)2mW m R') q{i+l+j+l - D) 



j=D-i 

D-l 

Y[ ((D - j + l)2mW /8 R 

j=D-i-l 



□ 



Theorem 6.6. Given a Petri net with an initial marking and a $\kappa$ formula $\phi$, if the vertex cover number of
the Petri net $k$ and the maximum arc weight $W$ are treated as parameters and the nesting depth $D$ of $\mathbf{EF}$
modality in the formula is treated as a constant, then there is a ParaPspace algorithm that checks if the
Petri net satisfies the given formula.

Proof. First reduce $\phi$ to the form of $\gamma \wedge \mathbf{EF}(\kappa_1) \wedge \cdots \wedge \mathbf{EF}(\kappa_r)$, with $\gamma$ having only conjunctions of $\tau \ge c$
formulas by nondeterministically choosing disjuncts from subformulas of $\phi$. By Lemma 6.3, it is enough for
a nondeterministic algorithm to guess sequences $\sigma_{\alpha j}$, $\alpha j \in \Gamma$ of lengths at most $\ell'(f(|\alpha j| - 1))$ and verify
that they satisfy the formula. Using bounds given by Lemma 6.5 and an argument similar to the one in the
proof of Theorem 4.5, it can be shown that the space used is exponential in $k'$ and polynomial in the size of
the net and numeric constants in the formula. This gives the ParaPspace algorithm. □

The space requirement of the above algorithm will have terms like m 2D and hence it will not be ParaPspace 
if D is treated as a parameter instead of a constant. 



6.2 Pumping sequences 

In order to check the truth of $\beta$ formulas, we adapt the concept of disjointness sequence introduced in [3]
to our notation. To make the presentation suitable for our setting, we use terminology different from those
used in [3].

Definition 6.7 ([3]). Let $X \subseteq P$ be a non-empty subset of places. If $\sigma = t_1 \cdots t_r$ is a sequence of transitions
and $p$ is a place, $\Delta[\sigma](p)$ denotes the total effect of $\sigma$ on $p$: $\Delta[\sigma](p) = \sum_{i=1}^{r} (Post(p, t_i) - Pre(p, t_i))$. A firing
sequence $\sigma$ enabled at an initial marking $M_0 : P \to \mathbb{N}$ is said to be a $X$-pumping sequence if $\sigma$ can be
decomposed as $\sigma'_1\underline{\sigma_1}\sigma'_2\underline{\sigma_2} \cdots \sigma'_\alpha\underline{\sigma_\alpha}$ such that

1. For each $p \in P$, $\Delta[\sigma_1](p) \ge 0$ and for each $\lambda$ between $2$ and $\alpha$, $\Delta[\sigma_\lambda](p) < 0$ implies there is a $\mu \le \lambda - 1$
such that $\Delta[\sigma_\mu](p) > 0$ and

2. $X \subseteq \bigcup_{\lambda=1}^{\alpha} \{p \in P \mid \Delta[\sigma_\lambda](p) > 0\}$.

The subsequences $\sigma_1, \ldots, \sigma_\alpha$ are called pumping portions of the pumping sequence. They are underlined to
distinguish them from non-pumping portions of the sequence.

The following lemma from [3] establishes the connection between model checking $\beta$ formulas and the existence
of pumping sequences.

Lemma 6.8 ([3]). $\mathcal{N}, M_0 \models \{\tau_1, \ldots, \tau_r\} = \omega$ iff there exists a $X$-pumping sequence for some $X \subseteq P$ such
that for every $j \in \{1, \ldots, r\}$, there is a $p_j \in X$ with $L_{\tau_j}(p_j) \ge 1$.

Proof. ($\Leftarrow$) Suppose there is a $X$-pumping sequence $\sigma$ as given in the lemma. Let $\sigma'_1\underline{\sigma_1} \cdots \sigma'_\alpha\underline{\sigma_\alpha}$ be the
decomposition of $\sigma$ as in Def. 6.7. By repeating the subsequences $\sigma_1, \ldots, \sigma_\alpha$ suitably many times (see [3,
Lemma 3.1]), we can ensure that for all $c \in \mathbb{N}$, there is a marking $M$ reachable from $M_0$ such that for all
$j \in \{1, \ldots, r\}$, $\sum_{p \in P} L_{\tau_j}(p)M(p) > c$.

($\Rightarrow$) Suppose $\mathcal{N}, M_0 \models \{\tau_1, \ldots, \tau_r\} = \omega$. By semantics, we get $\forall c \in \mathbb{N}$, there is a marking $M$ reachable
from $M_0$ such that for all $j \in \{1, \ldots, r\}$, $\sum_{p \in P} L_{\tau_j}(p)M(p) > c$. Hence, we can conclude that for all $c \in \mathbb{N}$,
there are places $p_1^c, p_2^c, \ldots, p_r^c$ and $M_c$ reachable from $M_0$ such that $M_c(p_j^c) \ge c \wedge L_{\tau_j}(p_j^c) \ge 1$ for all
$j \in \{1, \ldots, r\}$. For each $c \in \mathbb{N}$, let $X^c = \{p_1^c, \ldots, p_r^c\}$. Since the sequence $X^1, X^2, \ldots$ is infinite and there
are only finitely many subsets of $P$, at least one subset of $P$ occurs infinitely often in this sequence. Let $X$
be this subset. We will now prove that there is a $X$-pumping sequence using some results about coverability
trees [H Section 4.6].

Recall that in a coverability tree, markings $M : P \to \mathbb{N}$ are extended to $\omega$-markings $M : P \to \mathbb{N} \cup \{\omega\}$, by
mapping unbounded places to $\omega$. We first claim that there is some reachable $\omega$-marking $M$ in the coverability
tree of $(\mathcal{N}, M_0)$ such that for all $p \in X$, $M(p) = \omega$. Suppose not. Then, for every reachable $\omega$-marking $M$,
there is some place $p \in X$ such that $M(p) < \omega$. Let $c$ be the maximum of such bounds. Then, by [3, Theorem
22], for every marking $M$ reachable from $M_0$, there exists $p \in X$ such that $M(p) \le c$, a contradiction. Hence,
there is a reachable $\omega$-marking $M$ in the coverability tree of $(\mathcal{N}, M_0)$ such that for all $p \in X$, $M(p) = \omega$.
Now, the required $X$-pumping sequence can be constructed (see [3, Lemma 3.1] for details). □
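
The coverability-tree argument in the proof above can be run directly on small nets. The following Python is an added example, not code from the paper: it builds the classical Karp-Miller coverability tree (not the space-bounded ParaPspace procedure developed here) and uses its ω-markings to decide EF(τ_1 ≥ c_1 ∧ ... ∧ τ_n ≥ c_n) and {τ_1, ..., τ_r} = ω. The net, its place names and the helper names are constructed for illustration; terms τ are given as dictionaries holding the coefficients L_τ(p).

```python
OMEGA = float("inf")  # stands for omega: "unboundedly many tokens"

# Constructed sample net (an assumption, not a figure from the paper).
# Each transition is (Pre, Post), mapping places to arc weights.
PLACES = ("p0", "pA", "pB", "x", "y")
TRANSITIONS = {
    "tA": ({"p0": 1}, {"pA": 1}),           # commit to branch A
    "tB": ({"p0": 1}, {"pB": 1}),           # commit to branch B
    "t1": ({"pA": 1}, {"pA": 1, "x": 2}),   # pump x (arc weight 2)
    "t2": ({"pB": 1}, {"pB": 1, "y": 1}),   # pump y
}
M0 = {"p0": 1, "pA": 0, "pB": 0, "x": 0, "y": 0}


def coverability_tree(places, transitions, m0):
    """Return the omega-markings labelling the Karp-Miller tree, as dicts."""
    root = (tuple(m0[p] for p in places), None)      # (marking, parent node)
    nodes, work = [root], [root]
    while work:
        node = work.pop()
        marking = node[0]
        for pre, post in transitions.values():
            if any(marking[i] < pre.get(p, 0) for i, p in enumerate(places)):
                continue                              # not enabled here
            new = [marking[i] - pre.get(p, 0) + post.get(p, 0)
                   for i, p in enumerate(places)]
            # Acceleration: an ancestor below `new` witnesses a repeatable
            # (self-covering) sequence, so every place it increases gets omega.
            anc = node
            while anc is not None:
                old = anc[0]
                if all(o <= n for o, n in zip(old, new)):
                    new = [OMEGA if o < n else n for o, n in zip(old, new)]
                anc = anc[1]
            new = tuple(new)
            # A marking already on the path to the root is not expanded again.
            anc, repeated = node, False
            while anc is not None and not repeated:
                repeated = anc[0] == new
                anc = anc[1]
            if not repeated:
                child = (new, node)
                nodes.append(child)
                work.append(child)
    return [dict(zip(places, n[0])) for n in nodes]


def term_value(term, marking):
    """sum_p L_tau(p) * M(p); zero coefficients are skipped so 0*omega never occurs."""
    return sum(c * marking[p] for p, c in term.items() if c > 0)


def ef_holds(tree, conjuncts):
    """EF(tau_1 >= c_1 and ... and tau_n >= c_n), conjuncts = [(term, c), ...]."""
    return any(all(term_value(t, m) >= c for t, c in conjuncts) for m in tree)


def simultaneously_unbounded(tree, terms):
    """{tau_1, ..., tau_r} = omega: one omega-marking makes every term infinite."""
    return any(all(term_value(t, m) == OMEGA for t in terms) for m in tree)


if __name__ == "__main__":
    tree = coverability_tree(PLACES, TRANSITIONS, M0)
    x, y = {"x": 1}, {"y": 1}
    print(simultaneously_unbounded(tree, [x]))                 # {x} = omega
    print(simultaneously_unbounded(tree, [x, y]))              # {x, y} < omega
    print(simultaneously_unbounded(tree, [{"x": 1, "y": 1}]))  # {x + y} = omega
    print(ef_holds(tree, [(x, 3), ({"pA": 1}, 1)]))
```

In this net x and y are each unbounded but never positive together, so {x} = ω and {x + y} = ω hold while {x, y} < ω, which is the distinction the set-of-terms semantics is designed to capture.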

Model checking $\beta$ formulas thus reduces to detecting the presence of certain $X$-pumping sequences. The
following definition adapted from [3] is a generalization of $Q$-enabled self-covering sequences.

Definition 6.9 ([3]). Let $I \subseteq Q \subseteq P$ be a subset of places that contains all independent places, $Y \subseteq P$ a
possibly empty subset of places and $X \subseteq P$ a non-empty subset of places. Let $M : P \to \mathbb{Z}$ and $c \in \mathbb{N} \cup \{\omega\}$.
A sequence of transitions is said to be a $Y$-neglecting weakly $M, Q, c$-enabled $X$-pumping sequence
if it can be decomposed as $\sigma'_1\underline{\sigma_1}\sigma'_2\underline{\sigma_2} \cdots \sigma'_\alpha\underline{\sigma_\alpha}$ such that

1. For each $1 \le \lambda \le \alpha$, for each $p \in P$, $\Delta[\sigma_\lambda](p) < 0$ implies (there is a $1 \le \mu \le \lambda - 1$ such that $\Delta[\sigma_\mu](p) > 0$
or $p \in Y$).

2. $X \subseteq \bigcup_{\lambda=1}^{\alpha} \{p \in P \mid \Delta[\sigma_\lambda](p) > 0\} \setminus Y$.

3. For any intermediate marking $M'$ and any place $p \in Q \setminus I$, $M'(p) \le c$.

4. For any intermediate marking $M'$ and any place $p \in Q$, $M'(p) < 0$ implies (there is a $\sigma_\mu$ occurring before
$M'$ such that $\Delta[\sigma_\mu](p) > 0$ or $p \in Y$).

Intuitively, a $Y$-neglecting weakly $M, Q, c$-enabled $X$-pumping sequence maintains the number of tokens
between $0$ and $c$ in all places in $Q$ while in other places, it can become less than $0$ or more than $c$. If a place
$p \in Q$ has already been pumped up by some pumping portion $\sigma_\mu$, $p$ may have negative number of tokens in
intermediate markings that occur after $\sigma_\mu$. The following lemma implies that for detecting the presence of
pumping sequences, it is enough to detect certain weakly enabled pumping sequences.

Lemma 6.10 ([3]). Let $X \subseteq P$ be a non-empty subset of places and $M_0 : P \to \mathbb{N}$ be the initial marking. Any
$X$-pumping sequence enabled at $M_0$ is a $\emptyset$-neglecting weakly $M_0, P, \omega$-enabled $X$-pumping sequence. Suppose
that $\sigma = \sigma'_1\underline{\sigma_1}\sigma'_2\underline{\sigma_2} \cdots \sigma'_\alpha\underline{\sigma_\alpha}$ is a $\emptyset$-neglecting weakly $M_0, P, \omega$-enabled $X$-pumping sequence. Then, there are
$n_1, n_2, \ldots, n_\alpha \in \mathbb{N}$ such that $\sigma'_1\underline{\sigma_1}^{n_1}\sigma'_2\underline{\sigma_2}^{n_2} \cdots \sigma'_\alpha\underline{\sigma_\alpha}^{n_\alpha}$ is a $X$-pumping sequence enabled at $M_0$.

Proof. The first part follows from definitions. For the second part, we define n a , . . . ,ni in that order as 
follows: 

- n a = 1. 

— Suppose 1 < A < a and nx+i, . . . ,n a have already been defined. Define n\ to be (a — A)(|cr| — l)W + 

We will prove that a' = o-' l o-\ ll o 2 02 a ' 2 ■ ■ • o-' a a a nc " satisfies all conditions of Def. 16.71 and that it is enabled 
at Mo. Condition 2 follows by the fact that a satisfies condition 2 of Dcf. 16.91 and that Y — 0. Condition 
1 of Dcf. 16.71 follows by the fact that a satisfies condition 1 of Def. 16.91 and that Y = 0. For proving that 
a' is enabled at Mo, we will prove the following claim by induction on A: for any intermediate marking 
M' occurring when firing a[ai ni ■ ■ ■ a' x cr\ nx from Mo and any p £ P, M'(p) > 0; and for any intermediate 

marking M" occurring while firing a' from M and any p' £ U^=i{p € P I ^M(p) > °}> M"(p) > 0. 

Base case A = 1: Since Y = and a satisfies condition 4 of Def. 16. 9[ for any intermediate marking M' 
occurring when firing a[ai from Mq and any place p £ P, M'{p) > 0. Since a satisfies condition 1 of Def. 16.91 
and Y = 0, Z\[cri](p) > for any place p £ P. Hence, for any intermediate marking M' occurring when firing 
a[ai ni from M and any place p £ P, M'{p) > 0. Since \a' 2 ■■■(j' a \ < {a - l)(|er| - 1) and \a2 n2 ■ ••£a™<*| < 
^™ =2 (|cr| — l)ffy, o r 2°'2 n2 ■ ■ ■ gqCTq"" can decrease at most {a — 1) ( |ex| — 1)W + X^=2(l°1 ~ ^)Wn^ tokens 

from any place. If Mq > M\ and Zi[eri](p) > for any place p, then M\(p) > (a — l)(|er| — 1)W + 

X^=2(l°1 — l)Wn^. Hence, the second part of the claim follows. 
Induction step: Assume that Mo > M\. Suppose for some place p' and some intermediate 

marking M' that occurs while firing cta+iOa+i from M\, M'(p) < 0. By induction hypothesis, p' U^=i{p £ 
P | Z\[cr p ](p) > 0}, which contradicts the fact that a satisfies conditions 1 and 4 of Dcf. 16.91 Also from condi- 
tion 1 of Def. HEU A[a\ +1 ](jp) > for any p U^ = i{p G P I ^[°>Kp) > °}- Hence, for all p G P and any in- 
termediate marking M' that occurs while firing ct a+1 (Ta+i" a+1 from Ma, M'(p) > 0. Suppose A + 2 < a. Since 
K +2 ■■■a' a \<(a-X- l)(\a\ - 1) and \a x+2 n ^ ■ -^"\ < EjU+aCM - <+2^±2 nx+2 ' • ' <<? a 

can decrease at most (a— A— 1) (| cr| — 1)W+E" = a+2(I°1 — ^)Wn^ tokens from any place. If M\ > 



M x +i and A[a x+1 ](p) > for any place p, then M A +i(p) > (a — A - l)(|<r| - 1)W + IZ" =A+2 (kl - l)Wn A 
Hence, second part of the claim follows. 



As is done in Section 5, we will bound the length of weakly enabled pumping sequences by induction on
$|Q|$. The following two lemmas are helpful in manipulating weakly enabled pumping sequences.

Lemma 6.11 ([3]). Suppose a — o~'iOio 2 • • ■ o~' a cr a is a Y -neglecting M,Q,u>- enabled X-pumping sequence. 

Then the sequence a' = a'lCr" 1 crier" 1 cr 2 ■ ■ ■ a' a a2"cr a is also a Y -neglecting M,Q,ui- enabled X-pumping se- 
quence for any ni, n[, . . . , n a G N (o~\ is same as o~\, except that o~\ is not considered a pumping portion 
while o\ is considered a pumping portion). 



Proof. We will prove that the new sequence satisfies all the conditions of Def. 6.9. Conditions 1 and 2 are
satisfied since the set of pumping portions of the new sequence is equal to that of the old one and occurs
in the same order. Condition 3 is trivially satisfied since in this case, $c = \omega$. Suppose for some intermediate
marking $M'$ and some place $p \in Q$, $M'(p) < 0$. Let $\mu$ be the maximum number such that $\sigma_\mu$ occurs before $M'$.



Suppose M - — - => M" and M" M' . If p G Y or p G U^=i{p' e P | A[<JjAW) > 0}, 

there is nothing else to prove. Otherwise, Z\[ay](p) = for every // between 1 and /i. This implies that if 

M => M 2 and Mi — > M3, then M^p) < 0, contradicting the fact that a satisfies condition 4 of 

Def. MM □ 



Lemma 6.12. Suppose $\sigma = \sigma'_1\underline{\sigma_1} \cdots \sigma'_\alpha\underline{\sigma_\alpha}$ is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X_1$-pumping sequence
and $\pi = \pi'_1\underline{\pi_1} \cdots \pi'_{\alpha'}\underline{\pi_{\alpha'}}$ is a $Y_1$-neglecting weakly $M_1, Q, \omega$-enabled $X_2$-pumping sequence. If $Y_1 = Y \cup
\{p \in P \mid \Delta[\sigma_\lambda](p) > 0,\ 1 \le \lambda \le \alpha\}$, $M \xrightarrow{\sigma} M_2$ and for all $p \in Q \setminus Y_1$, $M_2(p) = M_1(p)$, then $\sigma\pi =
\sigma'_1\underline{\sigma_1} \cdots \sigma'_\alpha\underline{\sigma_\alpha}\pi'_1\underline{\pi_1} \cdots \pi'_{\alpha'}\underline{\pi_{\alpha'}}$ is a $Y$-neglecting weakly $M, Q, \omega$-enabled $(X_1 \cup X_2)$-pumping sequence.

Proof. We will prove that the combined sequence satisfies all conditions of Def. 6.9.

1. This follows since $\sigma$ and $\pi$ individually satisfy condition 1 of Def. 6.9 and $Y_1 = Y \cup \{p \in P \mid \Delta[\sigma_\lambda](p) >
0,\ 1 \le \lambda \le \alpha\}$.

2. This follows from the fact that $X_1$ and $X_2$ individually satisfy condition 2 of Def. 6.9.

3. This is trivially satisfied since in this case, $c = \omega$.

4. Suppose $M'$ is some intermediate marking that occurs while firing $\pi$ from $M_2$ with $M'(p) < 0$ for some
$p \in Q$. If $p \in Y_1$ or there is some $\pi_\nu$ occurring before $M'$ such that $\Delta[\pi_\nu](p) > 0$, there is nothing
more to prove. Otherwise, the fact that $p \in Q \setminus Y_1$ and $M_2(p) = M_1(p)$ contradicts the fact that $\pi$ is
a $Y_1$-neglecting weakly $M_1, Q, \omega$-enabled $X_2$-pumping sequence, that should have satisfied condition 4 of
Def. 6.9. □

Now, we will generalize $\mathrm{slencov}$ and $\ell_1$ to weakly enabled pumping sequences so that we can calculate
bounds on their lengths by induction on $|Q|$.

Definition 6.13. Let $Q, X, Y \subseteq P$ be subsets of places such that $I \subseteq Q$ and $X$ is non-empty. Suppose
$\sigma = \sigma'_1\underline{\sigma_1} \cdots \sigma'_\alpha\underline{\sigma_\alpha}$ is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence for some $M : P \to \mathbb{Z}$. For
some independent place $p \in I$, if there is a $\mu$ such that $\Delta[\sigma_\mu](p) > 0$, we do not care if $p$ has negative number
of tokens in some intermediate marking that occurs after $\sigma_\mu$, even if $p \notin Y$. For each $p \in I \setminus Y$, let $\mu[p]$ be
the minimum number such that $\Delta[\sigma_{\mu[p]}](p) > 0$. If $M \xrightarrow{\sigma'_1\sigma_1 \cdots \sigma'_{\mu[p]}\sigma_{\mu[p]}} M_1$, then the set of all intermediate
markings occurring between $M$ and $M_1$ (including $M$ and $M_1$) is called the caring zone of $p$. If there is no
$\sigma_\mu$ such that $\Delta[\sigma_\mu](p) > 0$, then the caring zone of $p$ is the set of all intermediate markings.

Definition 6.14. Let $U' \in \mathbb{N}$ be some fixed number. For $j \in \mathbb{N}$, $Q, X, Y \subseteq P$ with $I \subseteq Q$ and $X$ non-empty
and a function $M : P \to \mathbb{Z}$, $\mathrm{pumlen}(Q, j, M, X, Y)$ is the length of the shortest $Y$-neglecting weakly
$M, Q, \omega$-enabled $X$-pumping sequence from $M$ if there is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping
sequence from $M$ in which every independent place $p \in I \setminus Y$ has at most $U' + jW$ tokens in all intermediate
markings belonging to the caring zone of $p$. Let $\mathrm{pumlen}(Q, j, M, X, Y)$ be $0$ if there is no such sequence. Let
$\ell_2(i, j) = \max\{\mathrm{pumlen}(Q, j, M, X, Y) \mid I \subseteq Q \subseteq P,\ |Q \setminus I| = i,\ M : P \to \mathbb{Z},\ X, Y \subseteq P,\ X \ne \emptyset\}$.

Lemma 6.15. Let $Q, X, Y \subseteq P$ be subsets of places such that $I \subseteq Q$ and $X$ is non-empty and let $U' \in \mathbb{N}$.
Let $e \in \mathbb{N}$. Suppose there is a $Y$-neglecting weakly $M, Q, e$-enabled $X$-pumping sequence $\sigma = \sigma'_1\underline{\sigma_1} \cdots \sigma'_\alpha\underline{\sigma_\alpha}$
for some $M : P \to \mathbb{Z}$ such that every place $p \in I \setminus Y$ has at most $U'$ tokens in all intermediate markings
belonging to the caring zone of $p$. Then, there is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence
of length at most $8\alpha k'(2e)^{c'k'^3}(U'W)^{c'm^4}$ for some constant $c'$.

Proof. By induction on $\alpha$.

Base case $\alpha = 1$: In this case, $\sigma = \sigma'_1\underline{\sigma_1}$. All intermediate markings occurring as a result of firing $\sigma$ from
$M$ belong to the caring zone of each place $p \in I \setminus Y$. If any two intermediate markings occurring when $\sigma'_1$ is
fired from $M$ agree on all places in $Q \setminus Y$, then the subsequence between them can be removed. Hence, we
can assume without loss of generality that $|\sigma'_1| \le U'^m e^{k'}$.

As in Rackoff's proof of Lemma 4.5 in [21], remove $Q \setminus Y$-loops from $\sigma_1$ carefully until what remains
behind is a sequence $\sigma''_1$ of length at most $(U'^m e^{k'} + 1)^2$. Let $b \in \mathbb{N}^{|S \setminus Y|}$ be the vector containing a $1$ in
each coordinate corresponding to a special place in $S \setminus Y$ whose number of tokens is increased by $\sigma_1$ and $0$
in all other coordinates. If $\pi$ is a $Q \setminus Y$-loop, its loop value is the vector in $\mathbb{Z}^{|S \setminus Y|}$, which contains in each
coordinate the total effect of $\pi$ on the corresponding special place in $S \setminus Y$. Let $L \subseteq \mathbb{Z}^{|S \setminus Y|}$ be the set of loop
values that were removed from $\sigma_1$. Let $B$ be the matrix with $|S \setminus Y|$ rows, whose columns are the members
of $L$. For any sequence $\pi$, let $\mathrm{ef}(\pi)$ be the vector in $\mathbb{Z}^{|S \setminus Y|}$, which contains in each coordinate the total effect
of $\pi$ on the corresponding special place in $S \setminus Y$. By definition, $\mathrm{ef}(\sigma_1) \ge b$. The effect of $\sigma_1$ can be split into
the effect of $\sigma''_1$ and the effect of $Q \setminus Y$-loops that were removed from $\sigma_1$. If $x(i)$ is the number of $Q \setminus Y$-loops
removed from $\sigma_1$ whose loop value is equal to the $i$-th column of $B$, then we have $Bx \ge b - \mathrm{ef}(\sigma''_1)$.

A loop value is just the effect of at most $e^{k'}U'^m$ transitions, and hence each entry of $B$ is of absolute value at most $e^{k'}U'^m W$. The matrix $B$ has therefore at most $(2e^{k'}U'^m W + 1)^{k'}$ columns. Each entry of $b - \mathrm{ef}(\sigma''_1)$ is of absolute value at most $W(e^{k'}U'^m + 1)^2 + 1$. Letting $d_1 = k'$ and $d = \max\{(2e^{k'}U'^m W + 1)^{k'},\ e^{k'}U'^m W,\ W(e^{k'}U'^m + 1)^2 + 1\} \le (2e)^{3k'}(U'W)^{3m}$, we can apply Lemma 4.4 of [21]. The result is that there is a vector $y \in \mathbb{N}^{|L|}$ such that the sum of entries of $y$ is equal to $l_1 \le d((2e)^{3k'}(U'W)^{3m})^{ck'}$ for some constant $c$. Let $c'$ be a constant such that $l_1 \le k'(2e)^{c'k'^3}(U'W)^{c'm^4}$.

Now, we will put $l_1$ $Q \setminus Y$-loops back to $\sigma''_1$, which was of length at most $(e^{k'}U'^m + 1)^2$. Since the length of each $Q \setminus Y$-loop is at most $e^{k'}U'^m$, the total length of the newly constructed pumping portion is at most $(e^{k'}U'^m + 1)^2 + k'(2e)^{c'k'^3}(U'W)^{c'm^4}$. Together with $\sigma'_1$, whose length is at most $e^{k'}U'^m$, we get a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence of length at most $2(e^{k'}U'^m + 1)^2 + k'(2e)^{c'k'^3}(U'W)^{c'm^4} \le 8k'(2e)^{c'k'^3}(U'W)^{c'm^4}$.

Induction step: Suppose $\sigma = \sigma'_1\sigma_1 \cdots \sigma'_{\alpha+1}\sigma_{\alpha+1}$. Let $X_1 = \{p \in P \mid \Delta[\sigma_1](p) > 0\}$. The sequence $\sigma'_1\sigma_1$ is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X_1$-pumping sequence. Let $M \Longrightarrow M_1$. As is done in the base case, we can replace $\sigma'_1\sigma_1$ by another $Y$-neglecting weakly $M, Q, \omega$-enabled $X_1$-pumping sequence $\sigma'$ of length at most $8k'(2e)^{c'k'^3}(U'W)^{c'm^4}$ ending at some marking $M_2$ such that for all $p \in Q \setminus Y$, $M_2(p) = M_1(p)$ (this is because we only remove $Q \setminus Y$ loops from $\sigma'_1\sigma_1$ to obtain the shorter sequence $\sigma'$).

The sequence $\sigma'_2\sigma_2 \cdots \sigma'_{\alpha+1}\sigma_{\alpha+1}$ is a $(Y \cup X_1)$-neglecting weakly $M_1, Q, \omega$-enabled $(X \setminus X_1)$-pumping sequence. By induction hypothesis, there is another $(Y \cup X_1)$-neglecting weakly $M_1, Q, \omega$-enabled $(X \setminus X_1)$-pumping sequence $\sigma''$ of length at most $8k'\alpha(2e)^{c'k'^3}(U'W)^{c'm^4}$. Lemma 6.12 implies that $\sigma'\sigma''$ is a $Y$-neglecting weakly $M, Q, \omega$-enabled $(X \setminus X_1) \cup X_1$-pumping sequence. The length of $\sigma'\sigma''$ is at most $8k'(\alpha + 1)(2e)^{c'k'^3}(U'W)^{c'm^4}$.

Using the technical lemmas proved above, we will now obtain a recurrence relation for 
Lemma 6.16. $\ell_2(0,j) \le 8mk'(2(U' + jW)W)^{c'm^4}$.

Proof. By Lemma 6.15 after setting $e = 1$ and substituting $U'$ by $U' + jW$.

Lemma 6.17. $\ell_2(i+1,j) \le 10mk'(2W\ell_2(i,j+1))^{c'k'^3}((U' + jW)W)^{c'm^4}$.

Proof. Let $Q, X, Y \subseteq P$ be subsets of places such that $I \subseteq Q$, $|Q \setminus I| = i + 1$ and $X$ is non-empty. Let $M : P \to \mathbb{Z}$ be some marking. Suppose there is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence $\sigma$ such that every independent place $p \in I \setminus Y$ has at most $U' + jW$ tokens in any intermediate marking belonging to the caring zone of $p$. We will prove that there is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence of length at most $10mk'(2W\ell_2(i,j+1))^{c'k'^3}((U' + jW)W)^{c'm^4}$.

Case 1: The sequence $\sigma$ is a $Y$-neglecting weakly $M, Q, W\ell_2(i,j+1)$-enabled $X$-pumping sequence. The required result is a consequence of Lemma 6.15 after substituting $U' + jW$ for $U'$.

Case 2: The sequence $\sigma$ decomposes into $\sigma = \sigma'_1\sigma_1 \cdots \sigma'_\alpha\sigma_\alpha$ such that for some $2 \le \lambda \le \alpha$, $M \Longrightarrow M_1 \Longrightarrow M_2$ and there is some intermediate marking $M'$ between $M_1$ and $M_2$ and a place $q \in Q \setminus Y$ with $M'(q) > W\ell_2(i,j+1)$. Let $M'$ be the earliest such intermediate marking occurring outside of pumping portions. If there is some $\lambda > 1$ such that $\{p \in P \mid \Delta[\sigma_\lambda](p) > 0\} \subseteq \bigcup_{\mu=1}^{\lambda-1}\{p \in P \mid \Delta[\sigma_\mu](p) > 0\}$, then $\sigma_\lambda$ can be considered as a non-pumping portion and the resulting sequence will still be a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence. Hence, without loss of generality, we can assume that $\alpha \le m$. Let $M_1 \stackrel{\sigma_\lambda^{1\prime}}{\Longrightarrow} M' \stackrel{\sigma_\lambda^{2\prime}}{\Longrightarrow} M_2$. Let $X_1 = \bigcup_{\mu=1}^{\lambda-1}\{p \in P \mid \Delta[\sigma_\mu](p) > 0\}$. The sequence $\sigma'_1\sigma_1 \cdots \sigma_{\lambda-1}$ is a $Y$-neglecting weakly $M, Q, W\ell_2(i,j+1)$-enabled $X_1$-pumping sequence in which every place $p \in Q \setminus Y$ has at most $U' + jW$ tokens in all intermediate markings belonging to the caring zone of $p$. By Lemma 6.15 there is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X_1$-pumping sequence $\pi_1$ of length at most $8(\lambda - 1)k'(2W\ell_2(i,j+1))^{c'k'^3}((U' + jW)W)^{c'm^4}$. We can remove all $(Q \setminus Y \setminus X_1)$-loops from $\sigma_\lambda^{1\prime}$ to obtain $\pi_\lambda^{1\prime}$ of length at most $(W\ell_2(i,j+1))^{k'}(U' + jW)^m$. If $M \Longrightarrow M'_1 \Longrightarrow M'' \Longrightarrow M'_2$, we will have $M''(p) = M'(p)$ for all $p \in (Q \setminus Y \setminus X_1)$.

The sequence $\sigma_\lambda^{2\prime}\sigma_\lambda \cdots \sigma'_\alpha\sigma_\alpha$ is a $(Y \cup X_1)$-neglecting weakly $M', Q, \omega$-enabled $(X \setminus X_1)$-pumping sequence such that every independent place $p \in I \setminus (Y \cup X_1)$ has at most $U' + jW$ tokens in all intermediate markings belonging to the caring zone of $p$. By definition, there is a $(Y \cup X_1)$-neglecting weakly $M', Q \setminus \{q\}, \omega$-enabled $(X \setminus X_1)$-pumping sequence $\pi_2$ of length at most $\ell_2(i,j)$. If $q \in X_1$, then $\pi_2$ is also a $(Y \cup X_1)$-neglecting weakly $M', Q, \omega$-enabled $(X \setminus X_1)$-pumping sequence. Otherwise, $M''(q) = M'(q) > W\ell_2(i,j)$ and $\pi_2$ can decrease at most $W\ell_2(i,j)$ tokens from $q$, so again $\pi_2$ is a $(Y \cup X_1)$-neglecting weakly $M', Q, \omega$-enabled $(X \setminus X_1)$-pumping sequence. In either case, Lemma 6.12 implies that $\pi_1\pi_\lambda^{1\prime}\pi_2$ is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence. Its length is at most $8\alpha k'(2W\ell_2(i,j+1))^{c'k'^3}((U' + jW)W)^{c'm^4} + (W\ell_2(i,j+1))^{k'}(U' + jW)^m + \ell_2(i,j)$.

Case 3: The sequence $\sigma$ decomposes into $\sigma = \sigma'_1\sigma_1 \cdots \sigma'_\alpha\sigma_\alpha$ such that for some intermediate marking $M'$ occurring while firing $\sigma'_1$ from $M$, there is some place $q \in Q \setminus Y$ such that $M'(q) > W\ell_2(i,j)$. Let $M'$ be the first such intermediate marking. Let $M \stackrel{\sigma_1^{1\prime}}{\Longrightarrow} M' \stackrel{\sigma_1^{2\prime}}{\Longrightarrow} M_1$. Remove all $Q \setminus Y$-loops from $\sigma_1^{1\prime}$ to get $\pi_1^{1\prime}$ of length at most $(W\ell_2(i,j+1))^{k'}(U' + jW)^m$. In addition, $M \Longrightarrow M''$ such that $M''(p) = M'(p)$ for all $p \in Q \setminus Y$. The sequence $\sigma_1^{2\prime}\sigma_1 \cdots \sigma_\alpha$ is a $Y$-neglecting weakly $M', Q \setminus \{q\}, \omega$-enabled $X$-pumping sequence such that every independent place $p \in I \setminus Y$ has at most $U' + jW$ tokens in any intermediate marking belonging to the caring zone of $p$. By definition, there is a $Y$-neglecting weakly $M', Q \setminus \{q\}, \omega$-enabled $X$-pumping sequence $\pi$ of length at most $\ell_2(i,j)$. Since $\pi$ can decrease at most $W\ell_2(i,j)$ tokens from $q$ and $M'(q) = M''(q) > W\ell_2(i,j)$, $\pi$ is also a $Y$-neglecting weakly $M', Q, \omega$-enabled $X$-pumping sequence. Hence, $\sigma_1^{1\prime}\pi$ is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence.

Case 4: The sequence $\sigma$ decomposes into $\sigma = \sigma'_1\sigma_1 \cdots \sigma'_\alpha\sigma_\alpha$ such that for some $1 \le \lambda \le \alpha$, $M \Longrightarrow M_1 \Longrightarrow M_2$ and there is some intermediate marking $M'$ between $M_1$ and $M_2$ and a place $q \in Q \setminus Y$ with $M'(q) > W\ell_2(i,j+1)$. For every independent place $p \in I \setminus Y$, if $\Delta[\sigma_\lambda](p) > W$, transfer to $p_v$ the last transition in $\sigma_\lambda$ that adds tokens to $p$, where $v$ is the variety of $p$. Repeat this until for every $p \in I \setminus Y$ with $\Delta[\sigma_\lambda](p) > 0$, no more than $W$ and no less than 1 tokens are added by the new pumping portion after the transfers. By Lemma 6.11, $\sigma'_1\sigma_1 \cdots \sigma'_\lambda\sigma_\lambda\sigma_\lambda \cdots \sigma_\alpha$ is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence such that every independent place $p \in I \setminus Y$ has at most $U' + (j+1)W$ tokens in any intermediate marking belonging to the caring zone of $p$. Now, we are back to case 2 or case 3 with $(j+1)$ replacing $j$. □

As earlier, we will denote $c'k'^3$ by $h$.

Lemma 6.18. $\ell_2(i,j) \le (10mk')^{(1+h)^i}(2W)^{\mathrm{poly}_1(h^i)}(U' + (j+i)W)^{\mathrm{poly}_2(h^i)}$ where $\mathrm{poly}_1(h^i)$ and $\mathrm{poly}_2(h^i)$ are polynomials in $h^i$, $c'$, $k'$ and $m$.

Proof. By induction on $i$. $\ell_2(0,j) \le 8mk'(2(U' + jW)W)^{c'm^4}$. We will choose $\mathrm{poly}_1$ and $\mathrm{poly}_2$ such that $8mk'(2(U' + jW)W)^{c'm^4} \le 10mk'(2W)^{\mathrm{poly}_1(1)}(U' + jW)^{\mathrm{poly}_2(1)}$.

$$
\begin{aligned}
\ell_2(i+1,j) &\le 10mk'(2W\ell_2(i,j+1))^{h}((U' + jW)W)^{c'm^4} \\
&\le 10mk'\left[2W(10mk')^{(1+h)^i}(2W)^{\mathrm{poly}_1(h^i)}(U' + (j+1+i)W)^{\mathrm{poly}_2(h^i)}\right]^{h}((U' + jW)W)^{c'm^4} \\
&\le (10mk')^{1+h(1+h)^i}(2W)^{(1+\mathrm{poly}_1(h^i))h + c'm^4}(U' + (j+i+1)W)^{\mathrm{poly}_2(h^i)h + c'm^4}
\end{aligned}
$$

It is now enough to choose $\mathrm{poly}_1$ and $\mathrm{poly}_2$ such that $\mathrm{poly}_1(h^0) \ge c'm^4$, $\mathrm{poly}_1(h^{i+1}) \ge (1 + \mathrm{poly}_1(h^i))h + c'm^4$, $\mathrm{poly}_2(h^0) \ge c'm^4$ and $\mathrm{poly}_2(h^{i+1}) \ge \mathrm{poly}_2(h^i)h + c'm^4$. These conditions are met by $\mathrm{poly}_1(h^i) = h^ic'm^4 + (h + c'm^4)(h^i - 1)$ and $\mathrm{poly}_2(h^i) = h^ic'm^4 + c'm^4(h^i - 1)$, assuming $h \ge 2$. □
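
The claim that these choices of $\mathrm{poly}_1$ and $\mathrm{poly}_2$ meet the four conditions can be checked directly. The verification below is added here and is not part of the original proof; it uses only the definitions stated above, and the abbreviation $A = c'm^4$ is introduced for this check only.

$$
\begin{aligned}
\mathrm{poly}_1(h^0) &= A + (h + A)(1 - 1) = A, \qquad \mathrm{poly}_2(h^0) = A + A(1 - 1) = A, \\
(1 + \mathrm{poly}_1(h^i))h + A &= h + h^{i+1}A + (h + A)(h^{i+1} - h) + A \\
&= h^{i+1}A + (h + A)(h^{i+1} - h + 1) \\
&\le h^{i+1}A + (h + A)(h^{i+1} - 1) = \mathrm{poly}_1(h^{i+1}), \\
\mathrm{poly}_2(h^i)h + A &= h^{i+1}A + A(h^{i+1} - h) + A \\
&= h^{i+1}A + A(h^{i+1} - h + 1) \\
&\le h^{i+1}A + A(h^{i+1} - 1) = \mathrm{poly}_2(h^{i+1}).
\end{aligned}
$$

Both inequalities use $h^{i+1} - h + 1 \le h^{i+1} - 1$, which holds exactly when $h \ge 2$; this is where the assumption on $h$ enters.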



For the upper bound obtained in Lemma 6.18 to be useful, we should have a pumping sequence in which independent places have a controlled number of tokens in intermediate markings (i.e., $U'$ and $j$ are bounded). The following lemma establishes this with the help of the truncation lemma.

Lemma 6.19. Let $Q, X, Y \subseteq P$ be subsets of places such that $I \subseteq Q$ and $X$ is non-empty. For some $M : P \to \mathbb{Z}$, suppose $\sigma$ is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence. Let $U$ be the maximum of the range of $M$ and let $U' = U + W + W^2 + W^3$. There is a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence in which every independent place $p \in I \setminus Y$ has at most $U'$ tokens in all intermediate markings belonging to the caring zone of $p$.

Proof. Suppose $\sigma$ is of the form $\sigma = \sigma'_1\sigma_1\sigma'_2\sigma_2 \cdots \sigma'_\alpha\sigma_\alpha$. Ensure that for every independent place $p \in I \setminus Y$ and $1 \le \lambda \le \alpha$, if $\Delta[\sigma_\lambda](p) > 0$, then $\Delta[\sigma_\lambda](p) \ge 2W$. If this is not the case, we can repeat $\sigma_\lambda$ $2W$ times.

By Lemma 6.11, $\sigma'_1\sigma_1\sigma_1\sigma_1\sigma'_2\sigma_2\sigma_2\sigma_2 \cdots \sigma'_\alpha\sigma_\alpha\sigma_\alpha\sigma_\alpha$ is also a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence. Consider some $1 \le \lambda \le \alpha$ and an independent place $p \in I \setminus Y$ such that $\Delta[\sigma_\lambda](p) = 0$ and $\sigma_\lambda$ occurs within the caring zone of $p$. Let $M \Longrightarrow M_1 \stackrel{\sigma_\lambda}{\Longrightarrow} M_3 \stackrel{\sigma_\lambda}{\Longrightarrow} M_4 \stackrel{\sigma_\lambda}{\Longrightarrow} M_6$. Let $e_1 = \min\{M'(p) \mid M' \text{ occurs between } M_1 \text{ and } M_3\}$ be the minimum number of tokens in $p$ among all intermediate markings occurring between $M_1$ and $M_3$. Let $M_2$ be the first intermediate marking between $M_1$ and $M_3$ such that $M_2(p) = e_1$ (see Fig. 4). Similarly, let $e_2 = \min\{M'(p) \mid M' \text{ occurs between } M_4 \text{ and } M_6\}$ be the minimum number of tokens in $p$ among all intermediate markings occurring between $M_4$ and $M_6$. Let $M_5$ be the last intermediate marking occurring between $M_4$ and $M_6$ such that $M_5(p) = e_2$. Note that since $\Delta[\sigma_\lambda\sigma_\lambda](p) = \Delta[\sigma_\lambda](p) = 0$, $e_1 = e_2$. Let $M_1 \Longrightarrow M_2 \Longrightarrow M_3 \Longrightarrow M_4 \Longrightarrow M_5 \Longrightarrow M_6$. Let $\pi_\lambda$ be the sub-word of $\sigma_\lambda\sigma_\lambda\sigma_\lambda$ consisting of all the transition occurrences having an arc to/from $p$. Since $M_2(p) = e_1 = e_2 = M_5(p)$ is the minimum number of tokens in $p$ among all intermediate markings occurring between $M_2$ and $M_5$, $\Delta[\pi_\lambda](p) = 0$ and $\pi_\lambda$ is safe for transfer. Transfer $\pi_\lambda$ from $p$ to $p_v$, where $v$ is the variety of $p$. Perform similar transfers for all $1 \le \lambda \le \alpha$ and independent places $p \in I \setminus Y$ such that $\Delta[\sigma_\lambda](p) = 0$ and $\sigma_\lambda$ occurs within the caring zone of $p$.

Fig. 4. Illustration for proof of Lemma 6.19. [Plot not reproduced; horizontal axis: steps of firing sequence; marked level: $e_1 = e_2$.]

Consider some $1 \le \lambda \le \alpha$ and an independent place $p \in I \setminus Y$ such that $\Delta[\sigma_\lambda](p) > 0$ and $\sigma_\lambda$ occurs within the caring zone of $p$. Let $M \Longrightarrow M_1 \Longrightarrow M_3 \Longrightarrow M_4$. Let $e_1 = \min\{M'(p) \mid M' \text{ occurs between } M_1 \text{ and } M_3\}$ be the minimum number of tokens in $p$ among all intermediate markings occurring between $M_1$ and $M_3$. Let $M_2$ be the first intermediate marking between $M_1$ and $M_3$ such that $M_2(p) = e_1$. Let $M_1 \Longrightarrow M_2 \Longrightarrow M_3 \Longrightarrow M_4$. Let $\pi_\lambda$ be the sub-word of $\sigma_\lambda\sigma_\lambda$ consisting of all transition occurrences having an arc to/from $p$. Since $M_2(p) = e_1$ is the minimum number of tokens in $p$ among all intermediate markings between $M_1$ and $M_4$, $\pi_\lambda$ is safe for transfer. Transfer $\pi_\lambda$ to $p_v$. To ensure that after this transfer, the number of tokens in $p$ is pumped up during the pumping portion under consideration, identify the last transition in $\pi_\lambda$ that adds tokens to $p$ and transfer it back to $p$. Since $\Delta[\sigma_\lambda](p) \ge 2W$, this last back transfer will not violate any property of the pumping sequence. Perform this transfer and back transfer for all $1 \le \lambda \le \alpha$ and independent places $p \in I \setminus Y$ such that $\Delta[\sigma_\lambda](p) > 0$ and $\sigma_\lambda$ occurs within the caring zone of $p$.

Now, we have a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence with the following properties:

1. For all $1 \le \lambda \le \alpha$ and independent places $p \in I \setminus Y$ such that $\Delta[\sigma_\lambda](p) = 0$ and $\sigma_\lambda$ occurs within the caring zone of $p$, no transition in $\sigma_\lambda$ has an arc to/from $p$.

2. For all $1 \le \lambda \le \alpha$ and independent places $p \in I \setminus Y$ such that $\Delta[\sigma_\lambda](p) > 0$ and $\sigma_\lambda$ occurs within the caring zone of $p$, there is only one transition in $\sigma_\lambda$ that has an arc to/from $p$ and this transition adds some tokens to $p$.

Consider an independent place $p \in I \setminus Y$ of some variety $v$. Let $M'$ be the last intermediate marking in the caring zone of $p$ such that $M'(p)$ is the minimum number of tokens in $p$ among all intermediate markings in the caring zone of $p$.

Case 1: $M'(p) \ge M(p)$. In this case, the number of tokens in $p$ does not come below $M(p)$ at all. Let $\pi_p$ be the sub-word of the pumping sequence consisting of all transition occurrences within the caring zone of $p$ that have an arc to/from $p$, except the last such transition. Transfer $\pi_p$ to $p_v$.

Case 2: $M'(p) < M(p)$. Invoking truncation lemma with $e = M(p) + W$, we identify sub-words between $M$ and $M'$ and transfer them to $p_v$ so that in any intermediate marking within the caring zone of $p$, $p$ has at most $U + W + W^2 + W^3$ tokens. Note that none of the sub-words transferred will involve any transition in pumping portions due to the property we have ensured above.

Due to the property we have ensured above, if for some place $p \in I \setminus Y$, there is some $\sigma_\mu$ occurring within the caring zone of $p$ with $\Delta[\sigma_\mu](p) > 0$, it remains so after any of the transfers above. For every independent place $p \in I \setminus Y$, we identify and transfer sub-words to $p_v$ based on one of the above two cases. Finally, we end up with a $Y$-neglecting weakly $M, Q, \omega$-enabled $X$-pumping sequence such that every independent place $p \in I \setminus Y$ has at most $U'$ tokens in all intermediate markings belonging to the caring zone of $p$. □

We will now combine results of previous lemmas to give a ParaPspace upper bound for model checking $\beta$ formulas.

Theorem 6.20. With the vertex cover number $k$ and maximum arc weight $W$ as parameters, $\beta$ formulas of the logic given in the beginning of this section can be model checked in ParaPspace.

Proof. From Lemma 6.8, model checking $\beta$ formulas is equivalent to checking the presence of $X$-pumping sequences for some $X$. The choice of $X$ can be done non-deterministically in the algorithm. From Lemma 6.10, checking the presence of $X$-pumping sequences is equivalent to checking the presence of $\emptyset$-neglecting weakly $M_0, P, \omega$-enabled $X$-pumping sequences. Setting $U' = U + W^2 + W^3$ in Def. 6.14, Lemma 6.19 implies that if there is a $\emptyset$-neglecting weakly $M_0, P, \omega$-enabled $X$-pumping sequence, there is one of length at most $\ell_2(k', 1)$.

A non-deterministic Turing machine can test for the presence of a weakly enabled pumping sequence by guessing and verifying a sequence of length at most $\ell_2(k', 1)$. By Lemma 6.18 the memory needed by such a Turing machine is $O(m \log |M_0| + m + \log W + (1 + c'k'^3)^{k'} \log k' \log m + \mathrm{poly}_1(c'^{k'}k'^{3k'}) \log W + \mathrm{poly}_2(c'^{k'}k'^{3k'}) \log(U'k'W))$, or $O(m \log |M_0| + m + \mathrm{poly}(c'^{3k'}k'^{3k'}) \log(U'k'mW))$ for some polynomial $\mathrm{poly}$. An application of Savitch's theorem now gives us the required ParaPspace algorithm. □

7 Conclusion

With the vertex cover number of the underlying graph of a Petri net and maximum arc weight as parameters, we proved that the coverability and boundedness problems can be solved in ParaPspace. A fragment of CTL based on these two properties can also be model checked in ParaPspace. Since vertex cover is better studied than the parameter benefit depth we introduced in [20], the results here might lead us towards applying other techniques of parameterized complexity to these problems. Whether coverability and boundedness are in ParaPspace with the size of the smallest feedback vertex set and maximum arc weight as parameters is an open problem.

Acknowledgements. The author acknowledges Kamal Lodaya and Saket Saurabh for helpful discussions
and feedback on the draft.

A Proof of Truncation Lemma

Proof (Lemma 3.3). Let $M'_1$ be the last intermediate marking before $M_1$ such that $M'_1(p_1) < e + W^2$ (see Fig. 3). Let $M'_3$ be the first intermediate marking after $M_1$ such that $M'_3(p_1) < e + W^2$. We will call the subsequence between $M'_1$ and $M_1$ as ascent and the subsequence between $M_1$ and $M'_3$ as descent. During ascent, the number of tokens in $p_1$ increases by at least $W^3$. Since each transition can add at most $W$ tokens to $p_1$, there are at least $W^2$ transitions adding tokens to $p_1$ during ascent. There must be at least one number $1 \le w_1 \le W$ such that among these $W^2$ transitions, there are at least $W$ transitions that add exactly $w_1$ tokens to $p_1$. Similarly, there is a number $1 \le w_2 \le W$ such that at least $W$ transitions remove exactly $w_2$ tokens from $p_1$ during descent. The sub-word $\sigma'$ we need consists of $w_2$ "adding" transitions from ascent and $w_1$ "removing" transitions from descent. The total effect of $\sigma'$ on $p_1$ is 0 and it is safe for transfer from $p_1$ to $p_2$ by construction. Since the first part of $\sigma'$ removes $w_1w_2 > 0$ tokens from $p_1$, the number of tokens $M_1(p_1)$ after transferring $\sigma'$ to $p_2$ is strictly less than the number of tokens before the transfer. Before transfer, every intermediate marking between $M'_1$ and $M'_3$ had at least $e + W^2$ tokens. Since the transfer of $\sigma'$ causes $w_1w_2 \le W^2$ fewer tokens, all intermediate markings between $M'_1$ and $M'_3$ will have at least $e \ge 0$ tokens in $p_1$ after transfer. Intermediate markings before $M'_1$ and after $M'_3$ do not change. □

Fig. 5. Illustration for proof of Lemma 3.3. [Plot not reproduced; horizontal axis: steps of firing sequence; marked level: $> e + W^2 + W^3$.]